CompTIA Security+ SY0-501 Updated Dumps Questions V27.02

New dumps for CompTIA Security+ SY0-501 are online: CompTIA Security+ SY0-501 Updated Dumps Questions V27.02 are available to help you prepare well for the exam. The new SY0-501 Updated Dumps Questions are the best and latest in the whole market. Read and study all the DumpsBase CompTIA Security+ SY0-501 Updated Dumps Questions, and you can pass the test on the first attempt. You will get the SY0-501 PDF file and free software at DumpsBase to read the SY0-501 dumps questions before taking the actual CompTIA Security+ SY0-501 exam.

Read the CompTIA Security+ SY0-501 Free Dumps First

1. A technician is designing a solution that will be required to process sensitive information, including classified government data. The system needs to be Common Criteria certified.

Which of the following should the technician select?

2. A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

3. A company is determining where to host a hot site, and one of the locations being considered is in another country.

Which of the following should be considered when evaluating this option?

4. A security administrator is implementing a SIEM and needs to ensure events can be compared against each other based on when the events occurred and were collected.

Which of the following does the administrator need to implement to ensure this can be accomplished?

5. An engineer is configuring a wireless network using PEAP for the authentication protocol.

Which of the following is required?

6. A network administrator was concerned during an audit that users were able to use the same passwords the day after a password change policy took effect.

The following settings are in place:

- Users must change their passwords every 30 days.

- Users cannot reuse the last 10 passwords.

Which of the following settings would prevent users from being able to immediately reuse the same passwords?

7. A user is unable to obtain an IP address from the corporate DHCP server.

Which of the following is MOST likely the cause?

8. A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested?

9. A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware.

Which of the following solutions will be used to deploy the IDS?

10. A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.

Which of the following methods would BEST prevent the exfiltration of data? (Select TWO).

11. A security engineer is concerned about susceptibility to HTTP downgrade attacks because the current customer portal redirects users from port 80 to the secure site on port 443.

Which of the following would be MOST appropriate to mitigate the attack?

12. A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach.

Which of the following would allow the team to determine the scope of future incidents?

13. A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

14. A security analyst is reviewing the password policy for a service account that is used for a critical network service.

The password policy for this account is as follows:

Enforce password history: Three passwords remembered

Maximum password age: 30 days

Minimum password age: Zero days

Complexity requirements: At least one special character, one uppercase

Minimum password length: Seven characters

Lockout duration: One day

Lockout threshold: Five failed attempts in 15 minutes

Which of the following adjustments would be the MOST appropriate for the service account?

15. The Chief Security Officer (CSO) for an online retailer received a report from a penetration test that was performed against the company's servers. After reviewing the report, the CSO decided not to implement the recommended changes due to cost; instead, the CSO increased insurance coverage for data breaches.

Which of the following describes how the CSO managed the risk?

16. A technician wants to implement PKI-based authentication on an enterprise wireless network.

Which of the following should the technician configure to enforce the use of client-side certificates?

17. After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker.

Which of the following will the company MOST likely review to trace this transaction?

18. A coffee company which operates a chain of stores across a large geographical area is deploying tablets to use as point-of-sale devices.

A security consultant has been given the following requirements:

- The cashiers must be able to log in to the devices quickly.

- The devices must be compliant with applicable regulations for credit card usage

- The risk of loss or theft of the devices must be minimized

- If devices are lost or stolen, all data must be removed from the device

- The devices must be capable of being managed from a centralized location

Which of the following should the security consultant configure in the MDM policies for the tablets? (Select TWO)

19. Which of the following are disadvantages of full backups? (Select THREE)

20. The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained.

Which of the following would be BEST to improve the incident response process?

21. Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?

22. A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal.

Which of the following is the MOST time-efficient method to achieve this goal?

23. During incident response procedures, technicians capture a unique identifier for a piece of malware running in memory.

This captured information is referred to as:

24. A penetration tester is checking to see if an internal system is vulnerable to an attack using a remote listener.

Which of the following commands should the penetration tester use to verify if this vulnerability exists? (Choose two.)

25. A company recently experienced a security breach. The security staff determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server. The server was imaged and copied onto a hardened VM, with the previous connections re-established.

Which of the following is the NEXT step in the incident response process?

26. A common asymmetric algorithm utilizes the user's login name to create the key to encrypt communications.

To ensure the key is different each time the user encrypts data, which of the following should be added to the login name?

27. A network engineer needs to allow an organization's users to connect their laptops to wired and wireless networks from multiple locations and facilities, while preventing unauthorized connections to the corporate networks.

Which of the following should be implemented to fulfill the engineer's requirements?

28. A technician is recommending preventive physical security controls for a server room.

Which of the following would the technician MOST likely recommend? (Select TWO).

29. A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard.

Which of the following types of controls should be used to reduce the risk created by this scenario?

30. Management wants to ensure any sensitive data on company-provided cell phones is isolated in a single location that can be remotely wiped if the phone is lost.

Which of the following technologies BEST meets this need?

31. A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunication company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive.

Which of the following is the BEST solution for the law office?

32. Exploitation of a system using widely known credentials and network addresses that results in DoS is an example of:

33. Which of the following controls does a mantrap BEST represent?

34. A technician wants to add wireless guest capabilities to an enterprise wireless network that is currently implementing 802.1X EAP-TLS.

The guest network must:

- Support client isolation.

- Issue a unique encryption key to each client.

- Allow guests to register using their personal email addresses

Which of the following should the technician implement? (Select TWO).

35. After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach.

Which of the following steps in the incident response process has the administrator just completed?

36. The web platform team is deploying a new web application. During testing, the team notices the web application is unable to create a TLS connection to the API gateway. The administrator created a firewall rule that permits TLS traffic from the web application server to the API gateway. However, the firewall logs show all traffic is being dropped.

Which of the following is MOST likely causing the issue?

37. A security administrator has created a new group policy object that utilizes the trusted platform module to compute a hash of system files and compare the value to a known-good value.

Which of the following security concepts is this an example of?

38. Company engineers regularly participate in a public Internet forum with other engineers throughout the industry.

Which of the following tactics would an attacker MOST likely use in this scenario?

39. A chief information security officer (CISO) asks the security architect to design a method for contractors to access the company's internal wiki, corporate directory, and email services securely without allowing access to systems beyond the scope of their project.

Which of the following methods would BEST fit the needs of the CISO?

40. Which of the following is the main difference between symmetric and asymmetric cryptographic algorithms?

41. A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates.

Which of the following should the technician implement?

42. When choosing a hashing algorithm for storing passwords in a web server database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?

43. Staff members of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the staff assembled, they learned the message received was not actually from the CEO.

Which of the following BEST represents what happened?

44. Which of the following help find current and future gaps in an existing COOP?

45. A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes server resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

46. Which of the following implements a lossy algorithm?

47. A systems administrator wants to secure a backup environment so backups are less prone to ransomware attacks. The administrator would like to have a fully isolated set of backups.

Which of the following would be the MOST secure option for the administrator to implement?

48. In which of the following risk management strategies would cybersecurity insurance be used?

49. A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM.

Which of the following is the administrator protecting against?

50. Which of the following BEST describes the concept of persistence in the context of penetration testing?

51. An organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.

The application team receives a report with the following results:

There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate if the application is not running. The application fully functions in the development and staging environments.

Which of the following actions should the application team take?

52. An organization handling highly confidential information needs to update its systems.

Which of the following is the BEST method to prevent data compromise?

53. A critical enterprise component whose loss or destruction would significantly impede business operations or have an outsized impact on corporate revenue is known as:

54. A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed.

Which of the following types of vulnerability scans should be conducted?

55. An application developer has neglected to include input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level.

Which of the following BEST identifies this application attack?

56. An organization's Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on the CEO's personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result.

Which of the following would address this violation going forward?

57. A security analyst is reviewing the logs from an NGFW's automated correlation engine and sees the following:

Which of the following should the analyst perform FIRST?

58. A government agency with sensitive information wants to virtualize its infrastructure.

Which of the following cloud deployment models BEST fits the agency's needs?

59. Which of the following represents a multifactor authentication system?

60. An organization has created a review process to determine how to best handle data with different sensitivity levels.

The process includes the following requirements:

- Soft copy PII must be encrypted.

- Hard copy PII must be placed in a locked container.

- Soft copy PHI must be encrypted and audited monthly.

- Hard copy PHI must be placed in a locked container and inventoried monthly.

Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO).

While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers.

Which of the following actions should the employee take?

61. Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the windows/Currentversion/Run registry key?

62. To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving.

Which of the following cloud models would BEST meet the needs of the organization?

63. Which of the following command line tools would be BEST to identify the services running in a server?

64. An attacker has obtained the user ID and password of a datacenter’s backup operator and has gained access to a production system.

Which of the following would be the attacker's NEXT action?

65. A technician is configuring an intrusion prevention system to improve its ability to find and stop threats. In the past, the system did not detect and stop some threats.

Which of the following BEST describes what the technician is trying to correct with the new configuration?

66. A security analyst is asked to check the configuration of the company's DNS service on the server.

Which of the following command line tools should the analyst use to perform the initial assessment?

67. A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals.

Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

68. A security analyst is implementing mobile device security for a company. To save money, management has decided on a BYOD model. The company is most concerned with ensuring company data will not be exposed if a phone is lost or stolen.

Which of the following techniques BEST accomplish this goal? (Select TWO)

69. A technician is implementing 802.1X with dynamic VLAN assignment based on a user's Active Directory group membership.

Which of the following configurations supports the VLAN definitions?

70. An organization wants to control user accounts and privileged access to database servers. The organization wants to create an audit trail of account requests and approval, but also wants to facilitate operational efficiency when account and access changes are needed. The organization has the following account management practices:

Which of the following should the security consultant configure in the MDM policies for the tables? (Select TWO.)

71. Which of the following is the MOST likely motivation for a script kiddie threat actor?

72. A security administrator has received multiple calls from the help desk about customers who are unable to access the organization's web server. Upon reviewing the log files the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources.

Which of the following attack types does this BEST describe?

73. A company is implementing a remote access portal so employees can work remotely from home. The company wants to implement a solution that would securely integrate with a third party.

Which of the following is the BEST solution?

74. During a risk assessment, results show that a fire in one of the company's datacenters could cost up to $20 million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to $20 million in damages for the cost of $30,000 a year.

Which of the following risk response techniques has the company chosen?

75. A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management.

Which of the following would be the BEST solution for the CIO to implement?

76. Users are attempting to access a company's website but are transparently redirected to another website. The users confirm the URL is correct.

Which of the following would BEST prevent this issue in the future?

77. A Chief Information Security Officer (CISO) is performing a BIA for the organization in case of a natural disaster.

Which of the following should be at the top of the CISO’s list?

78. A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk.

Which of the following should the administrator use?

79. An administrator performs a workstation audit and finds one that has non-standard software installed. The administrator then requests a report to see if a change request was completed for the installed software. The report shows a request was completed.

Which of the following has the administrator found?

80. An organization’s policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of passwords.

The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation.

Which of the following BEST describes what is happening?

81. A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.log, and reviews the following:

Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r

https://www.portal.com\rjohnuser\rilovemycat2

Given the above output, which of the following is the MOST likely cause of this compromise?

82. An organization wants to control user accounts and privileged access to database servers. The organization wants to create an audit trail of account requests and approvals, but also wants to facilitate operational efficiency when account and access changes are needed.

The organization has the following account management practices:

- Access requests are processed through a service ticket that requires server and system owner approval.

- Once approved, user access is granted directly to the user's privileged account

- The requests and approvals are sent to the security officer where they are retained for future audits.

- Account activity and user activity are monitored and audited monthly by the business unit.

Which of the following changes should be implemented?

83. Which of the following is the BEST use of a WAF?

84. A security administrator is choosing an algorithm to generate password hashes.

Which of the following would offer the BEST protection against offline brute force attacks?

85. An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner.

Which of the following would be the MOST secure setup that conforms to the organization’s requirements?

86. A company is examining possible locations for a hot site.

Which of the following considerations is of MOST concern if the replication technology being used is highly sensitive to network latency?

87. The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers.

Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

88. Ann, a new employee, received an email from an unknown source indicating she needed to click on the provided link to update her company's profile.

Once Ann clicked the link, a command prompt appeared with the following output:

Which of the following types of malware was executed?

89. A red team initiated a DoS attack on the management interface of a switch using a known vulnerability. The monitoring solution then raised an alert, prompting a network engineer to log in to the switch to diagnose the issue. When the engineer logged in, the red team was able to capture the credentials and subsequently log in to the switch.

Which of the following actions should the network team take to prevent this type of breach from reoccurring?

90. The Chief Information Security Officer (CISO) at a large company tasks a security administrator to provide additional validation for website customers.

Which of the following should the security administrator implement?

91. Which of the following can be used to increase the time needed to brute force a hashed password?

92. Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not.

Which of the following has MOST likely occurred on Ann's computer?

93. An organization has the following password policies:

- Passwords must be at least 16 characters long.

- Three failed login attempts will lock the account for five minutes.

- Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.

A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on the same server.

Which of the following is MOST likely the issue, and what should be done?

94. A company has drafted an insider-threat policy that prohibits the use of external storage devices.

Which of the following would BEST protect the company from data exfiltration via removable media?

95. Poor inventory control practices can lead to undetected and potentially catastrophic system exploitation due to:

96. A systems administrator just issued the ssh-keygen -t rsa command on a Linux terminal.

Which of the following BEST describes what the rsa portion of the command represents?

97. A mobile application developer wants to secure an application that transmits sensitive information.

Which of the following should the developer implement to prevent SSL MITM attacks?

98. A company help desk has received several reports that employees have experienced identity theft and compromised accounts. This occurred several days after receiving an email asking them to update their personal bank information.

Which of the following is a vulnerability that has been exploited?

99. During the penetration testing of an organization, the tester was provided with the names of a few key servers, along with their IP addresses.

Which of the following is the organization conducting?

100. Which of the following security controls BEST mitigates social engineering attacks?


 
