暗記メーカー
son 1
  • Son Cagrı

  • 349 questions • 10/14/2024

    Question list

  • 1

    A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?

    C. An attacker is attempting to brute force Smith's account.

  • 2

    Which of the following is the most important security concern when using legacy systems to provide production service?

    B. Lack of vendor support

  • 3

    Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

    C. Buffer overflow

  • 4

    Which of the following can be used to identify potential attacker activities without affecting production servers?

    A. Honey pot

  • 5

    A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

    D. Security of architecture

  • 6

    Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

    B. Confidentiality

  • 7

    A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

    B. Data is being exfiltrated.

  • 8

    An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

    B. SRTP

  • 9

    A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

    B. Firewall

  • 10

    A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

    C. Rescan the network.

  • 11

    A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

    C. The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

  • 12

    A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

    C. Homomorphic

  • 13

    Which of the following topics would most likely be included within an organization's SDLC?

    B. Information security policy

  • 14

    A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

    A. Validate the code signature.

  • 15

    During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

    Analysis

  • 16

    Which of the following most impacts an administrator's ability to address CVEs discovered on a server?

    B. Patch availability

  • 17

    Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

    C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

  • 18

    Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company?

    A. DLP

  • 19

    The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

    A. Shadow IT

  • 20

    An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

    B. WAF

  • 21

    An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

    B. Code signing

  • 22

    Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

    A. Availability

  • 23

    A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

    A. End user training

  • 24

    The application development teams have been asked to answer the following questions: • Does this application receive patches from an external source? • Does this application contain open-source code? • Is this application accessible by external users? • Does this application meet the corporate password standard? Which of the following are these questions part of?

    A. Risk control self-assessment

  • 25

    An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

    B. Retention

  • 26

    Which of the following is the most likely to be included as an element of communication in a security awareness program?

    A. Reporting phishing attempts or other suspicious activities

  • 27

    Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

    B. Disabling access

  • 28

    Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

    A. Unidentified removable devices

  • 29

    A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

    D. Active

  • 30

    An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

    B. Data in transit

  • 31

    The Chief Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

    D. Take a snapshot of the VM.

  • 32

    An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

    D. IPS

  • 33

    A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

    A. Implementing a bastion host

  • 34

    An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?

    D. Insider threat

  • 35

    A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

    D. SLA

  • 36

    Which of the following actions would a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

    D. Install endpoint management software on all systems.

  • 37

    A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

    Geographic dispersion

  • 38

    A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

    D. Dashboard

  • 39

    A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?

    B. Review security policies.

  • 40

    A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

    A. Encryption at rest

  • 41

    An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

    B. Smishing

  • 42

    An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

    C. DHCP, E. Firewall

  • 43

    Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

    D. DLP

  • 44

    A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

    C. Encryption

  • 45

    x

  • 46

    Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

    A. SIEM

  • 47

    Which of the following control types is AUP an example of?

    B. Managerial

  • 48

    A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

    A. Secure web gateway

  • 49

    Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

    C. Confidentiality

  • 50

    After reviewing the following vulnerability scanning report:

    Server: 192.168.14.6
    Service: Telnet
    Port: 23
    Protocol: TCP
    Status: Open
    Severity: High
    Vulnerability: Use of an insecure network protocol

    A security analyst performs the following test:

    nmap -p 23 192.168.14.6 --script telnet-encryption
    PORT   STATE SERVICE REASON
    23/tcp open  telnet  syn-ack
    | telnet-encryption:
    |_  Telnet server supports encryption

    Which of the following would the security analyst conclude for this reported vulnerability?

    It is a false positive.

  • 51

    While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

    B. Testing the policy in a non-production environment before enabling the policy in the production network

  • 52

    A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration: • Most secure algorithms should be selected • All traffic should be encrypted over the VPN • A secret password will be used to authenticate the two VPN concentrators

    x

  • 53

    After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

    B. Retain any communications related to the security breach until further notice.

  • 54

    A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

    A. chmod

  • 55

    An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

    C. Impersonation, E. Smishing

  • 56

    Which of the following is used to validate a certificate when it is presented to a user?

    A. OCSP

  • 57

    A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

    A. SSO

  • 58

    Which of the following describes effective change management procedures?

    B. Having a backout plan when a patch fails

  • 59

    Which of the following describes an executive team that is meeting in a boardroom and testing the company's incident response plan?

    C. Tabletop exercise

  • 60

    Which of the following describes the process of concealing code or text inside a graphical image?

    D. Steganography

  • 61

    Which of the following is a primary security concern for a company setting up a BYOD program?

    D. Jailbreaking

  • 62

    Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

    Mitigate

  • 63

    A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

    B. SAML

  • 64

    A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

    C. Jailbreaking

  • 65

    A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

    A. Serverless architecture

  • 66

    A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

    Static

  • 67

    Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

    D. Change management procedure

  • 68

    Which of the following is classified as high availability in a cloud environment?

    D. Load balancer

  • 69

    During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

    D. Dumpster diving

  • 70

    An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

    D. Ransomware

  • 71

    A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

    A. Visualization and isolation of resources

  • 72

    Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?

    B. UPS

  • 73

    A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

    D. FIM

  • 74

    Which of the following is a hardware-specific vulnerability?

    A. Firmware version

  • 75

    During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

    A. Federation, C. Password complexity

  • 76

    A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?

    A. SOAR

  • 77

    A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

    D. Least privilege

  • 78

    A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

    A. Patch availability

  • 79

    The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

    C. DLP

  • 80

    Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

    A. Client

  • 81

    Which of the following would be best suited for constantly changing environments?

    B. Containers

  • 82

    Which of the following is used to validate a certificate when it is presented to a user?

    A. OCSP

  • 83

    A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

    B. Pushing GPO update

  • 84

    Which of the following risks can be mitigated by HTTP headers?

    B. XSS

  • 85

    An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

    A. Asset inventory

  • 86

    A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

    C. Supply chain vendor

  • 87

    In which of the following scenarios is tokenization the best privacy technique to use?

    C. Enabling established customers to safely store credit card information

  • 88

    Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

    Channel overlap

  • 89

    A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be implemented to allow for this type of access? (Select two).

    A. SSH, SFTP

  • 90

    Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

    Masking

  • 91

    Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resumes?

    A. SLA

  • 92

    An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

    B. Hashing

  • 93

    A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

    B. Performing code signing on company-developed software

  • 94

    A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

    A. Serverless framework

  • 95

    A security analyst is creating a base for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

    D. Secure configuration guide

  • 96

    An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

    A. Business continuity

  • 97

    A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

    B. Geographic dispersion

  • 98

    A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

    Key escrow, TPM presence

  • 99

    A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

    B. Integrating each SaaS solution with the identity provider

  • 100

    Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

    A. VPN