A-3
  • Son Cagrı

  • Questions: 68 • 7/31/2024


    Question list

  • 1

    Which of the following techniques would most likely be used as a part of an insider threat reduction strategy to uncover relevant indicators?

    C. Implementing impossible travel alerts

  • 2

    A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?

    A. Site risk assessment

  • 3

    When a newly developed application was tested, a specific internal resource was unable to be accessed. Which of the following should be done to ensure the application works correctly?

    A. Modify the allow/deny list for those specific resources

  • 4

    An analyst is reviewing log data from a SIEM alert about a suspicious event. Threat intelligence indicates threats from domains originating in known malicious countries. The analyst examines the following data. The Chief Information Security Officer asks the analyst to determine whether the SIEM alerts can be attributed to the domains of the threat intelligence report. Which of the following tools would allow the analyst to make this determination?

    A. nslookup

  • 5

    An organization is upgrading its wireless system and wants to require MFA in order for users to connect to Wi-Fi. New access points were installed and connected to the controller. Which of the following is the next piece of technology that will be required to enable MFA?

    A. RADIUS

  • 6

    A security administrator is reviewing reports about suspicious network activity occurring on a subnet. Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output: Which of the following best describes what is occurring on the network?

    A. ARP poisoning

  • 7

    A security administrator analyzes server logs and sees multiple lines of the following format: The administrator is concerned about whether the request is valid. Which of the following attacks should the administrator evaluate?

    C. LDAP injection

  • 8

    A company wants to improve its access standards to prevent threat actors from logging in to the corporate network with compromised credentials. In addition to MFA, the Chief Information Security Officer wants an additional layer of protection enabled based on certain criteria. Which of the following is the best way to provide additional protection?

    A. Conditional access policies

  • 9

    Which of the following assists in training employees on the importance of cybersecurity?

    A. Phishing campaigns

  • 10

    A company policy states that all new SaaS applications must authenticate users through a centralized service. Which of the following authentication types should most likely be configured in order to comply with this policy?

    A. SSO

  • 11

    A systems administrator is concerned about the output from web server logs. Given the following snippet of the web server log file: Which of the following attacks occurred?

    C. Directory traversal

  • 12

    In order to save on expenses, Company A and Company B agree to host each other's computer and storage disaster recovery sites at their primary data centers. The two data centers are about a mile apart, and they each have their own power source. When necessary, one company will escort the other company to its data center. Which of the following is the greatest risk with this arrangement?

    A. The data center sites are not geographically dispersed

  • 13

    A developer recently launched a new log-in page for a customer-facing website. Multiple customers are unable to log in because email address and password combinations are failing. The web servers begin to perform slowly and eventually crash. Which of the following would most likely have prevented this issue?

    A. Input validation

  • 14

    A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?

    A. MITRE ATT&CK

  • 15

    The cybersecurity investigation team is requesting a budget increase in order to purchase and implement a commercial tool for collecting information. The information might include disk images and volatile memory from computers used by remote employees. Which of the following digital forensic categories does the company want to implement?

    C. Acquisition

  • 16

    An analyst in the human resources organization is responsible for the quality of the company's personnel data. The analyst maintains a data dictionary and ensures it is correct and up to date. Which of the following best describes the role of the analyst?

    A. Data steward

  • 17

    A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

    B. Conditional access policies, C. Implementation of additional authentication factors

  • 18

    Which of the following is most likely to include a SCADA system?

    A. Water treatment plant

  • 19

    A network analyst is performing a signal strength check to ensure the company's guest wireless network adequately covers the lobby where customers usually arrive. The analyst discovers that at the far end of the lobby a second guest network is broadcasting at full strength while the original network strength is quite weak. Which of the following is most likely happening?

    A. Evil twin attack

  • 20

    A company's security policy states that only the production servers should have bidirectional internet access. Which of the following needs to be configured to comply with this policy?

    Firewall rule

  • 21

    Which of the following is a method used by some organizations to recognize and compensate security researchers for finding exploits and vulnerabilities?

    C. Bug bounty

  • 22

    An organization developed a virtual thin client running in kiosk mode that is used to access various software depending on the users' roles. During a security evaluation, the test team identified the ability to exit kiosk mode and access system-level resources, which led to privilege escalation. Which of the following mitigations addresses this finding?

    Using application approved/denied lists

  • 23

    A security analyst reviews web server logs and notices the following line: Which of the following vulnerabilities is the attacker trying to exploit?

    C. Cross-site scripting

  • 24

    An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers state that they require real data to perform developmental and functionality tests. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?

    C. Data masking

  • 25

    Which of the following best describes the tolerances a security architect follows when designing a control environment?

    C. Risk appetite

  • 26

    Which of the following technologies can better utilize compute and memory resources for on-premises application workloads?

    A. Containers

  • 27

    Which of the following secure coding practices involves keeping business logic within a database?

    A. Stored procedures

  • 28

    A company was notified that a breach occurred within its network. During the investigation the security team identified a sophisticated exploit that could not be identified or resolved using existing patching, vendor resources or remediation methods. Which of the following best describes this type of exploit?

    B. Zero-day

  • 29

    A user reports performance issues when accessing certain network fileshares. The network team determines endpoint traffic is reaching one of the filestores but is being dropped on the return traffic. Which of the following should be corrected to solve this issue?

    A. Host-based firewall settings

  • 30

    A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include: • A starting baseline of 50% memory utilization • Storage scalability • Single circuit failure resilience. Which of the following best meets all of these requirements?

    A. Connecting dual PDUs to redundant power supplies

  • 31

    An organization with high security needs is concerned about unauthorized exfiltration of data via Wi-Fi from within a secure facility. Which of the following security controls should the company implement?

    B. Faraday cage

  • 32

    An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?

    A. Nessus

  • 33

    The SOC detected an increase in failed authentication attempts over the weekend. An engineer reviewed the following log output: Which of the following is the most likely attack based on the log information?

    B. Brute-force

  • 34

    Which of the following is used to describe discrete characteristics of a potential weakness that results in a severity number?

    A. CVSS

  • 35

    An analyst observed an unexpectedly high number of deauthentication requests being sent from an unidentified device on the network. Which of the following attacks was most likely executed in this scenario?

    C. Disassociation

  • 36

    A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Select two).

    D. Compensating, E. Technical

  • 37

    The Chief Information Security Officer (CISO) wants a product manager to include the following tasks as part of the deployment plans: • Delete test accounts • Delete test data • Share administrative passwords securely during the transition to production. Which of the following concepts will best enable the product manager to incorporate these tasks?

    A. Secrets management

  • 38

    An incident response team for a media streaming provider is investigating a data exfiltration event of licensed video content that was able to circumvent advanced monitoring analytics. The team has identified the following: 1. The analytics use machine learning with classifiers to label network data transfers. 2. Transfers labeled as "authenticated media stream" are permitted to egress; all others are interrupted/dropped. 3. The most recent attempt was erroneously labeled as an "authenticated media stream." 4. An earlier attempt from the same threat actor was unsuccessful and labeled as "unauthorized media transfer." 5. The PCAP from the most recent event looks identical with the exception of a few bytes that had been modified. Which of the following most likely occurred?

    A. Susceptibilities in the classifier enabled counter-AI techniques.

  • 39

    Which of the following provides guidelines for the management and reduction of information security risk?

    B. NIST CSF

  • 40

    Which of the following attributes would be the most appropriate to apply when implementing MFA?

    A. Validating the user's location

  • 41

    A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

    C. Jump server

  • 42

    During an investigation, events from two affected servers in the same subnetwork occurred at the same time: Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'. Which of the following should be consistently configured to prevent the issue seen in the logs?

    C. NTP

  • 43

    Which of the following requirements apply to a CYOD policy? (Select two)

    B. The user can request to customize the device, C. The company retains ownership of the phone.

  • 44

    Which of the following strategies shifts risks that are not covered in an organization's risk strategy?

    Risk transference

  • 45

    A security administrator checks the security logs of a Linux server and sees a lot of the following lines: Which of the following is most likely being attempted?

    C. Brute-force attack

  • 46

    A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

    C. Hot

  • 47

    Which of the following is performed to gain a better understanding of how specific devices are set up by identifying the arrangement of settings?

    C. Configuration review

  • 48

    An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

    B. Deploy an authentication factor that requires in-person action before printing.

  • 49

    An organization purchased and configured spare devices for all critical network infrastructure. Which of the following best describes the organization's reason for these actions?

    C. High availability

  • 50

    Adding a value to the end of a password to create a different password hash is called:

    A. Salting.

  • 51

    An administrator reviewed the log files after a recent ransomware attack on a company's system and discovered vulnerabilities that resulted in the loss of a database server. The administrator applied a patch to the server to resolve the CVE score. Which of the following controls did the administrator use?

    A. Corrective

  • 52

    An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

    B. Baiting

  • 53

    Which of the following examples would be best mitigated by input sanitization?

    A. <script>alert("Warning!");</script>

  • 54

    Which of the following types of data are most likely to be subject to regulations and laws? (Select two).

    A. PHI, D. PII

  • 55

    A security analyst is working with the IT group to define appropriate procedures for the destruction of media and assets in the enterprise environment. Which of the following methods provides the strongest level of assurance that the data has been disposed of properly?

    D. Shredding

  • 56

    A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

    B. SOC 2 Type 2 report

  • 57

    A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met: • All actions performed by the network staff must be logged. • Per-command permissions must be possible. • The authentication server and the devices must communicate through TCP. Which of the following authentication protocols should the analyst choose?

    C. TACACS+

  • 58

    An endpoint protection application contains critical elements that are used to protect a system from infection. Which of the following must be updated before completing a weekly endpoint check?

    C. Policy definitions

  • 59

    A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?

    C. DDoS

  • 60

    Which of the following does an air-gapped system provide?

    A. Security through physical disconnection

  • 61

    An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

    B. Metadata

  • 62

    Which of the following is an algorithm performed to verify that data has not been modified?

    A. Hash

  • 63

    Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

    C. Role as controller and processor

  • 64

    A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

    Executing containers using unprivileged credentials

  • 65

    A systems administrator needs to set up a secure, cloud-based file transfer environment between two data centers. Which of the following architecture models would meet this requirement?

    C. PKI

  • 66

    Which of the following has the ability to physically verify individuals who enter and exit a restricted area?

    B. Access control vestibule

  • 67

    A security analyst is looking for a way to categorize and share a threat actor's TTPs with colleagues at a partner organization. Which of the following would be the best method to achieve this goal?

    B. Using the MITRE ATT&CK framework

  • 68

    A security administrator recently reset local passwords and the following values were recorded in the system:

    C. Pass-the-hash attacks