son 2
  • Son Cagrı

  • 113 questions • 10/14/2024

    Question list

  • 1

    Which of the following best describes a threat actor who is attempting to use commands found on a public code repository?

    A. Script kiddie

  • 2

    A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?

    C. Cloud

  • 3

    While assessing the security of a web application, a security analyst was able to introduce unsecure strings through the application input fields by bypassing client-side controls. Which of the following solutions should the analyst recommend?

    D. Server-side validation

  • 4

    A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?

    B. Software-based TOTP

  • 5

    A security team discovers a vulnerability that does not have a patch available. The team determines the vulnerability is critical. Which of the following should the security engineers do to address the vulnerability?

    C. Inform the vendor of this discovery in a secure manner and apply appropriate mitigations

  • 6

    Which of the following best describes the risk present after controls and mitigating factors have been applied?

    Residual

  • 7

    An organization received threat intelligence describing an increase in credential harvesting across the industry. A security analyst is reviewing the following authentication logs to look for potential indicators of compromise. Which of the following configurations can help prevent this type of attack from occurring?

    D. Setting the max account lockout threshold

  • 8

    An application server is published directly on the internet with a public IP address. Which of the following should the administrator use to monitor the application traffic?

    A. WAF

  • 9

    A prospective customer is interested in seeing the type of data that can be retrieved when a customer uses a company's services. An engineer at the company sends the following documentation before reviewing it: The prospective customer is concerned. Which of the following will best resolve the concern?

    A. Data sanitization

  • 10

    A company wants to move one of its environments to the cloud. The biggest requirement is to have as much control as possible regarding the environment. Which of the following would most likely satisfy this requirement?

    B. IaaS

  • 11

    An organization wants to reduce the likelihood that a data breach could result in reputational, financial, or regulatory consequences. The organization needs an enterprise-wide solution that does not require new technology or specialized roles. Which of the following describes the best way to achieve these goals?

    C. Incorporating the principle of data minimization throughout business processes

  • 12

    A company would like to implement a network security solution to inspect traffic on the network and generate an alert when specific traffic patterns are observed. The solution should never block legitimate network traffic. Which of the following will the company most likely implement?

    A. NIDS

  • 13

    While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

    B. RAM

  • 14

    A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

    A. Hoaxes

  • 15

    Which of the following is the best resource to consult for information on the most common application exploitation methods?

    A. OWASP

  • 16

    A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

    D. On-path attack

  • 17

    A vulnerability scan returned the following results: ➔ 2 Critical ➔ 5 High ➔ 15 Medium ➔ 98 Low Which of the following would the information security team most likely use to decide if all discovered vulnerabilities must be addressed and the order in which they should be addressed?

    C. Risk matrix

  • 18

    A company would like to implement a daily backup solution. The backup will be stored on a NAS appliance, and capacity is not a limiting factor. Which of the following will the company most likely implement to ensure complete restoration?

    A. Full

  • 19

    A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The analyst reviews the logs from the authentication server that is being used by the database: Which of the following can the security analyst conclude based on the review?

    A. A brute-force attack occurred.

  • 20

    Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Select two).

    C. Honeypots, E. DNS sinkhole

  • 21

    Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

    B. Whaling

  • 22

    Which of the following best ensures minimal downtime and data loss for organizations with critical computing equipment located in earthquake-prone areas?

    B. Off-site replication

  • 23

    A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

    C. Retention policy

  • 24

    A server administrator is reporting performance issues when accessing all internal resources. Upon further investigation, the security team notices the following: ● A user’s endpoint has been compromised and is broadcasting its MAC as the default gateway's MAC throughout the LAN. ● Traffic to and from that endpoint is significantly greater than all other similar endpoints on the LAN. ● Network ports on the LAN are not properly configured. ● Wired traffic is not being encrypted properly. Which of the following attacks is most likely occurring?

    C. ARP poisoning

  • 25

    A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

    A. PIN

  • 26

    A security analyst inspects the following log: Which of the following was attempted?

    D. Directory traversal

  • 27

    A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

    A. PIN

  • 28

    A company would like to implement a secure process for managing headless servers remotely. Which of the following should the company most likely implement?

    A. SSH

  • 29

    A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

    C. Recurring

  • 30

    A food delivery service gives its drivers mobile devices that enable customers to track orders. Some drivers forget to leave the devices at the store when their shifts end. Which of the following would help remind the drivers to leave the devices at the store?

    A. Geofencing alerts

  • 31

    A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?

    E. PAM software

  • 32

    A software company has a shared codebase for multiple projects using the following strategy: ● Unused features are deactivated but still present on the code. ● New customer requirements trigger additional development work. Which of the following will most likely occur when the company uses this strategy?

    B. Dead code

  • 33

    A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?

    A. CASB

  • 34

    An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

    B. White-box

  • 35

    An organization wants to ensure it can track changes between software deployments. Which of the following concepts should the organization implement?

    D. Version control

  • 36

    An analyst examines the web server logs after a compromise and finds the following: Which of the following most likely indicates a successful attack on server credentials?

    C. GET https://comptia.org/../../../etc/passwd HTTP/1.1 200

  • 37

    A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might connect to the network and perform illicit activities. Which of the following should the security team implement to address this concern?

    C. Add a guest captive portal requiring visitors to accept terms and conditions.

  • 38

    An audit report showed that a former employee saved the following files to an external USB drive before the employee's termination date: ● Annual_tax_form.pdf ● encrypted_passwords.db ● team_picture.jpg ● contactjist.db ● human_resources.txt Which of the following could the former employee do to potentially compromise corporate credentials?

    A. Perform an offline brute-force attack.

  • 39

    A company is providing laptops to all employees and the Chief Information Security Officer is concerned about protecting information if devices are lost or stolen. Which of the following would help mitigate the threat of unauthorized access to unencrypted data?

    D. TPM

  • 40

    A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

    E. Evil twin

  • 41

    Which of the recovery sites is the best option?

    A. Hot

  • 42

    An organization wants to minimize the recovery time from backups in case of a disaster. Backups must be retained for one month, while minimizing the storage space used for backups. Which of the following is the best approach for a backup strategy?

    B. Full weekly and incremental daily

  • 43

    Which of the following describes how applications are built, configured, and deployed?

    A. Provisioning

  • 44

    A web application for a bank displays the following output when showing details about a customer's bank account: Which of the following techniques is most likely implemented in this web application?

    C. Data masking

  • 45

    An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?

    A. Implement a SIEM to correlate logs from multiple sources looking for alterable incidents.

  • 46

    Which of the following best describes the process of adding a secret value to extend the length of stored passwords?

    C. Salting

  • 47

    A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?

    B. Proof of PCI DSS compliance

  • 48

    A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

    Limit the scope of the penetration test to only the system that is used for teller workstations

  • 49

    Users at a company reported that one of the company’s VPN tunnels was not functioning. Security analysts discovered that traffic to the VPN tunnel was being redirected to a malicious IP address to capture log-in credentials. Which of the following security measures should have been the first step in preventing this attack?

    D. Patching the VPN servers to the latest version

  • 50

    Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

    B. Account audits

  • 51

    A municipality implements an IoT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?

    A. Isolate the controller from the rest of the network and constrain connectivity.

  • 52

    Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?

    C. Standard naming conventions

  • 53

    An organization would like to gain actionable intelligence about real attacker techniques used against its systems. Which of the following should the organization use to best achieve this objective?

    B. Honeypot

  • 54

    A security analyst is preparing a report that details the circumstances that led to a security incident and steps that can be taken in the future to prevent recurrence. Which of the following best describes this phase of the incident response process?

    A. Lessons learned

  • 55

    A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

    A. Disk encryption

  • 56

    A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure: Which of the following best describes what the analyst has discovered?

    A. A successful privilege escalation attack by a local user

  • 57

    Which of the following best explains why physical security controls are important in creating a secure environment?

    To ensure only authorized users have the ability to obtain direct access to systems or data

  • 58

    A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

    B. IP-based firewall rules

  • 59

    A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?

    D. There is a single point of failure.

  • 60

    A penetration test revealed that several Linux servers were misconfigured at the file level and access was granted incorrectly. A security analyst is referencing the instructions in the incident response runbook for remediation information. Which of the following is the best command to use to resolve the issue?

    A. chmod

  • 61

    A company would like to enhance the authentication technologies being used by remote employees. Which of the following should the company most likely choose?

    A. Token key

  • 62

    A security analyst is investigating a SIEM event concerning invalid log-ins. The system logs that match the time frame of the event show the following: Which of the following best describes this type of attack?

    B. Spraying

  • 63

    Which of the following best describes a legal hold?

    A. It occurs during litigation and requires retention of both electronic and physical documents.

  • 64

    An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?

    C. Preventing unauthenticated clients access to the server

  • 65

    Which of the following best describes an environment where a business owns the application and operating system but requires the resources to host them in the cloud?

    A. IaaS

  • 66

    A security administrator needs to improve the security at an entry kiosk. Currently, employees enter an employee number and PIN at a PC to enter the building. Which of the following is the best solution to improve security at the entry kiosk?

    B. Smart card

  • 67

    Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?

    A. APT groups

  • 68

    Which of the following best describes a use case for a DNS sinkhole?

    C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

  • 69

    During a forensic investigation, an analyst uses software to create a checksum of the affected subject's email file. Which of the following is the analyst practicing?

    D. Integrity

  • 70

    An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or nonexistent wireless signal?

    A. Heat map

  • 71

    After a web server was migrated to a cloud environment, user access to that server was blocked. Even though an on-premises firewall configuration has been modified to reflect the cloud infrastructure, users are still experiencing access issues. Which of the following most likely needs to be configured?

    Security group

  • 72

    A company executive experienced a security issue at an airport. Photos taken during a strategy meeting were stolen when the executive used a free smartphone-charging station. Which of the following can be used to prevent this from occurring in the future?

    D. Data blockers

  • 73

    A security department wants to conduct an exercise that will make many experimental changes to the main virtual server. After the exercise is completed, the IT director would like to be able to rollback to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?

    B. Snapshot

  • 74

    During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

    B. Implementing mandatory vacations

  • 75

    A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?

    D. Operational

  • 76

    A systems administrator at a healthcare organization is setting up a server to securely store patient data. Which of the following must be ensured when storing PHI?

    C. Confidentiality

  • 77

    A security analyst is reviewing an IDS alert and sees the following: Which of the following triggered the IDS alert?

    C. Fileless malware execution

  • 78

    A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email: ● Sensitive customer data must be safeguarded. ● Documents from managed sources should not be opened in unmanaged destinations. ● Sharing of managed documents must be disabled. ● Employees should not be able to download emailed images to their devices. ● Personal photos and contact lists must be kept private. ● IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company. Which of the following are the best features to enable to meet these requirements? (Select two).

    A. Remote wipe, G. Containerization

  • 79

    An organization is concerned about hackers bypassing MFA through social engineering of phone carriers. Which of the following would most likely protect against such an attack?

    C. Receiving a push notification to a mobile application

  • 80

    A company requires that all user authentication against a core directory service must be secure. Which of the following should the company implement to meet this requirement?

    C. LDAPS

  • 81

    Earlier in the week, the CSIRT was alerted to a cyber-incident. The CSIRT is now interacting with the affected systems in an attempt to stop further damage. Which of the following best describes this phase of the incident response process?

    B. Containment

  • 82

    Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?

    B. SOC 2 Type II

  • 83

    A security analyst receives reports of widespread password login attempts for most of the administrator accounts in the environment. Logs indicate that a successful login occurred and the same credentials are being used to attempt to gain access to other resources. Which of the following would best prevent this type of attack from being successful?

    A. Multifactor authentication

  • 84

    A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

    Send the dead domain to a DNS sinkhole.

  • 85

    Which of the following utilizes public and private keys to secure data?

    C. Asymmetric encryption

  • 86

    The security team installed video cameras in a prominent location in the building lobby. Which of the following best describe this type of control? (Select two).

    B. Detective, C. Deterrent

  • 87

    A company wants to ensure that all devices are secured properly through the MDM solution so that, if remote wipe fails, access to the data will still be inaccessible offline. Which of the following would need to be configured?

    A. Full device encryption

  • 88

    A system administrator performs a quick scan of an organization's domain controller and finds the following: Which of the following vulnerabilities does this output represent?

    A. Unnecessary open ports

  • 89

    Which of the following describes a social engineering technique that may include scam emails addressed directly to the Chief Financial Officer?

    B. Spear phishing

  • 90

    An administrator receives the following network requirements for a data integration with a third-party vendor: Which of the following is the most appropriate response for the administrator to send?

    FTP is an insecure protocol and should not be used.

  • 91

    Which of the following, if compromised, can indirectly impact systems’ availability by imposing inadequate environmental conditions for the hardware to operate properly?

    D. HVAC

  • 92

    A bank was recently provided a new version of an executable that was used to launch its core banking platform. During the upgrade process, a remote code execution exploit was publicly released that targeted the old version. Which of the following would best prevent a security incident?

    B. Completing the upgrade process immediately on all devices

  • 93

    A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

    D. CRL

  • 94

    Which of the following is the most likely way a rogue device was allowed to connect?

    A. A user performed a MAC cloning attack with a personal device.

  • 95

    Which of the following is considered a preventive control?

    D. Segregation of duties

  • 96

    A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

    C. Conduct a site survey.

  • 97

    Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

    D. Continuity of operations plan

  • 98

    A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?

    A. Weak encryption

  • 99

    A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

    A. Lack of security updates

  • 100

    A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

    D. EAP-TLS