SY0-701
  • Username not public

  • Number of questions: 670 • 1/20/2025


    Question list

  • 1

    The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?

    Changing the default password

  • 2

    Which of the following objectives is best achieved by a tabletop exercise?

    Familiarizing participants with the incident response process

  • 3

    A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

    Encryption at rest

  • 4

    Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

    Host isolation

  • 5

    Which of the following enables the ability to receive a consolidated report from different devices on the network?

    SIEM

  • 6

    Which of the following is a primary security concern for a company setting up a BYOD program?

    Jailbreaking

  • 7

    Which of the following is the most common data loss path for an air-gapped network?

    Removable device

  • 8

    A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

    hping

  • 9

    Which of the following is used to conceal credit card information in a database log file?

    Masking

  • 10

    A SOC analyst establishes a remote control session on an end user’s machine and discovers the following in a file: gmail.com[ENT]my.name@gmail.com[NET]NoOneCanGuessThis123! [ENT]Hello Susan, it was a great to see you the other day! Let’s plan a followup[BACKSPACE]follow-up meeting soon. Here is the link to register. [RTN][CTRL]c [CTRL]v [RTN]after[BACKSPACE]After you register give me a call on my cellphone. Which of the following actions should the SOC analyst perform first?

    Advise the user to change passwords

  • 11

    A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

    Monitoring outbound traffic

  • 12

    An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the network. Which of the following solutions should most likely be implemented?

    IPSec

  • 13

    An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?

    Encryption

  • 14

    A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Choose two)

    Authentication tokens, Biometrics

  • 15

    A network manager wants to protect the company’s VPN by implementing multifactor authentication that uses: -Something you know -Something you have -Something you are Which of the following would accomplish the manager’s goal?

    Password, authentication token, thumbprint

  • 16

    Which of the following is used to improve security and overall functionality without losing critical application data?

    Patching

  • 17

    A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two)

    Screen locks, Remote wipe

  • 18

    A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

    On-path attack

  • 19

    Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

    The company’s SIP server security settings are weak

  • 20

    An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Choose two)

    Remove unnecessary services, Disable default accounts

  • 21

    A website user is locked out of an account after clicking an email link and visiting a different website. The Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?

    Cross-site request forgery

  • 22

    Which of the following is most likely a security concern when installing and using low-cost IoT devices in infrastructure environments?

    Country of origin

  • 23

    A system administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

    Phishing

  • 24

    Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

    Scheduled downtime

  • 25

    Which of the following is the fastest and most cost-effective way to confirm a third-party supplier’s compliance with security obligations?

    Attestation report

  • 26

    An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

    Least privilege

  • 27

    A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

    Hashes

  • 28

    A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

    Capacity planning

  • 29

    Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

    Automation

  • 30

    After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

    Web-based administration

  • 31

    Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

    Data sovereignty

  • 32

    While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

    RAM

  • 33

    A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

    Implement a privileged access management solution

  • 34

    Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Choose two)

    The device is unable to receive authorized updates, The device encryption level cannot meet organizational standards

  • 35

    A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

    Bug bounty

  • 36

    A security administrator observed the following in a web server log while investigating an incident: “GET ../../../../etc/passwd” Which of the following attacks did the security administrator most likely see?

    Directory traversal

  • 37

    Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

    Side loading

  • 38

    A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?

    Confidentiality

  • 39

    Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee’s phone network port and then using tools to scan for database servers?

    Certification

  • 40

    An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

    Implement security awareness training

  • 41

    While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

    Testing the policy in a non-production environment before enabling the policy in the production network

  • 42

    While reviewing logs, a security administrator identifies the following code: (See pic) Which of the following best describes the vulnerability being exploited?

    XSS

  • 43

    An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

    Deploy an authentication factor that requires in-person action before printing

  • 44

    Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two)

    Including a requirement for at least one special character, Increasing the minimum password length to 14 characters

  • 45

    Which of the following should a security team do first before a new web server goes live?

    Harden the virtual host

  • 46

    An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

    Containers

  • 47

    The author of a software package is concerned about bad actors repackaging and inserting malware into the software. The software download is hosted on a website, and the author exclusively controls the website’s contents. Which of the following techniques would best ensure the software’s integrity?

    Code signing

  • 48

    A system administrator successfully configures VPN access to a cloud environment. Which of the following capabilities should the administrator use to best facilitate remote administration?

    A jump host in the shared services security zone

  • 49

    A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

    Security of architecture

  • 50

    A security team at a large, global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

    Packet captured

  • 51

    An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker’s bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following: PS>.\mimikatz.exe “sekurlsa::pth /user:localadmin /domain:corp-domain.com / ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327 Which of the following best describes how the attacker gained access to the hardened PC?

    The attacker performed a pass-the-hash attack using a shared support account

  • 52

    A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

    Jailbreaking

  • 53

    Which of the following is the best way to secure an on-site data center against intrusion from an insider?

    Access badge

  • 54

    Which of the following steps should be taken before mitigating a vulnerability in a production server?

    Refer to the change management policy

  • 55

    Which of the following best describes a use case for a DNS sinkhole?

    A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers

  • 56

    When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

    Self-signed

  • 57

    Which of the following cryptographic solutions protects data at rest?

    Full disk encryption

  • 58

    An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

    Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53|Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

  • 59

    A Chief Information Security Officer wants to monitor the company’s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

    Enabling full packet capture for traffic entering and exiting the servers

  • 60

    A company is changing its mobile device policy. The company has the following requirements: -Company-owned devices -Ability to harden the device -Reduced security risk -Compatibility with company resources Which of the following would best meet these requirements?

    COBO

  • 61

    A company web server is initiating outbound traffic to a low-reputation, public IP on non-standard ports. The web server is used to present an unauthenticated page to clients who upload images to the company. An analyst notices a suspicious process running on the server that was not created by the company development team. Which of the following is the most likely explanation for this security incident?

    A web shell has been deployed to the server through the page

  • 62

    A company’s account department receives an urgent payment message from the company’s bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible. Which of the following attacks is described?

    Business email compromise

  • 63

    Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

    The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method

  • 64

    Which of the following threat actors is the most likely to be motivated by profit?

    Organized crime

  • 65

    A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analyst. Which of the following would best enable the reduction in manual work?

    SOAR

  • 66

    An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

    If the root certificate is installed

  • 67

    A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

    Detective

  • 68

    A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

    Serverless architecture

  • 69

    A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

    Data retention

  • 70

    An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

    MDM

  • 71

    Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

    Order of volatility

  • 72

    Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

    Tabletop exercise

  • 73

    A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Choose two)

    SSH tunneling, Tokenization

  • 74

    An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account. Which of the following is most likely being performed?

    Non-credentialed scan

  • 75

    An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

    Hashing

  • 76

    Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences. Which of the following agreements does this best describe?

    NDA

  • 77

    Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

    Intellectual property

  • 78

    Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

    UBA

  • 79

    Which of the following documents details how to accomplish a technical security task?

    Procedure

  • 80

    Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

    Deploy a SIEM solution

  • 81

    Which of the following can be used to identify potential attacker activities without affecting production servers?

    Honeypot

  • 82

    A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

    Modify the content of recurring training

  • 83

    Which of the following should be used to ensure an attacker is unable to read the contents of mobile device’s drive if the device is lost?

    FDE

  • 84

    Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

    Code repositories

  • 85

    An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

    Agent-based

  • 86

    The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

    Shadow IT

  • 87

    A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

    Develop and provide training on data protection policies

  • 88

    Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

    Preparation

  • 89

    Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

    Install endpoint management software on all systems

  • 90

    A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

    Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

  • 91

    A network manager wants to protect the company’s VPN by implementing multifactor authentication that uses: -Something you know -Something you have -Something you are Which of the following would accomplish the manager’s goal?

    Password, authentication token, thumbprint

  • 92

    For an upcoming product launch, a company hires a marketing agency whose owner is a close relative of the Chief Executive Officer. Which of the following did the company violate?

    Conflict of interest policy

  • 93

    A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

    To prevent a single point of failure

  • 94

    The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?

    Improving security awareness training

  • 95

    A new employee accessed an unauthorized website. An investigation found that the employee violated the company’s rules. Which of the following did the employee violate?

    AUP

  • 96

    Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

    Nation-state

  • 97

    Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

    Honeypot

  • 98

    Which of the following best describes why a process would require a two-person integrity security control?

    To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

  • 99

    An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

    Baseline configuration

  • 100

    A CVE in a key-end component of an application has been disclosed. The systems administrator is identifying all of the systems in the environment that are susceptible to this risk. Which of the following should the systems administrator perform?

    Vulnerability scan