Question list
1
Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?
Hashing
2
Which of the following is assured when a user signs an email using a private key?
Non-repudiation
3
An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data. Which of the following is the attacker most likely using?
Steganography
4
Which of the following is the BEST method for ensuring non-repudiation?
Digital certificate
5
A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?
Digitally sign the relevant game files.
6
A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?
.cer
7
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
Data encryption
8
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action?
Salting
9
A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts at a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?
Password spraying
10
Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?
Checksums (hash) (integrity)
11
Which of the following is true about asymmetric encryption?
A message encrypted with the public key can be decrypted with the private key.
12
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?
Use SSH keys and remove generic passwords
13
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop?
An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
14
To further secure a company’s email system, an administrator is adding public keys to DNS records in the company’s domain. Which of the following is being used?
DNSSEC
15
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
TLS inspection
16
A security engineer is installing a WAF to protect the company’s website from malicious web requests over SSL. Which of the following is needed to meet the objective?
A decryption certificate
17
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?
CRL
18
A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private.” Which of the following is the best way to fix this issue?
Send a CSR to a known CA and install the signed certificate on the application's server.
19
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?
Data at rest
20
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
Performing code signing on company-developed software
21
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
Generate a CSR (Certificate Signing Request)
22
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether it is modified in transit before installation on the user's computer. Which of the following can be used to safely access the file?
Check the hash of the installation file
23
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
Search for matching file hashes on malware websites
24
A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?
Spraying
25
A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?
An extended validation certificate
26
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
Homomorphic
27
An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?
The compromised password file has been brute-force hacked, and the complexity requirements are not adequate to mitigate this risk.
28
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
Perfect forward secrecy
29
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?
User certificate
30
A website developer who is concerned about theft of the company's user database wants to protect weak passwords from offline brute-force attacks. Which of the following would be the BEST solution?
Use a key-stretching technique
31
Digital signatures use asymmetric encryption. This means the message is encrypted with:
the sender's private key and decrypted with the sender's public key
32
A security administrator has generated an SSH key pair to authenticate to a new server. Which of the following should the security administrator do NEXT to use the keys securely for authentication? (Choose 2)
Install the public key on the server, Encrypt the private key.
33
A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs: Which of the following should the company use to secure its website if the company is concerned with convenience and cost?
A wildcard certificate
34
Which of the following supplies non-repudiation during a forensics investigation?
Using a SHA-2 signature of a drive image
35
An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following: ● Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users. ● Internal users in question were changing their passwords frequently during that time period. ● A jump box that several domain administrator users use to connect to remote devices was recently compromised. ● The authentication method used in the environment is NTLM. Which of the following types of attacks is MOST likely being used to gain unauthorized access?
Pass-the-hash
36
A symmetric encryption algorithm is BEST suited for:
protecting large amounts of data
37
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
The encryption algorithm longevity
38
While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. Which of the following mitigations would BEST secure the server environment?
Revoke the code signing certificate used by both programs.
39
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
Homomorphic
40
Which of the following will increase cryptographic security?
High data entropy
41
A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?
The S/MIME plug-in is not enabled.
42
Security engineers are working on digital certificate management with the top priority of making administration easier. Which of the following certificates is the best option?
Root
43
Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?
PKI
44
An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?
Birthday
45
During a forensic investigation, a security analyst discovered that the following command was run on a compromised host: Which of the following attacks occurred?
Pass the hash
46
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following: Which of the following attacks MOST likely occurred?
Password spraying
47
Which of the following is a cryptographic concept that operates on a fixed length of bits?
Block cipher
48
An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider is used and the selected option is highly scalable?
Public key infrastructure
49
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
Wildcard
50
During a security audit of a company's network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?
TLS 1.2
51
As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
52
Customers reported their antivirus software flagged one of the company’s primary software products as suspicious. The company’s Chief Information Security Officer has tasked the developer with determining a method to create a trust model between the software and the customer’s antivirus software. Which of the following would be the BEST solution?
Code signing
53
Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data?
Password hash
54
Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following: username:....smithJa..... Password: 944d3697d8880ed401b5ba2c77811 Which of the following occurred?
An attacker used a pass-the-hash attack to gain access
55
A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?
Salting
56
Which of the following techniques eliminates the use of rainbow tables for password cracking?
Salting
57
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
Data encryption
58
A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent?
Password-spraying
59
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?
Hashing
60
A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?
Implement password salting
61
A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?
TLS
62
A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
Implement salting and hashing
63
A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).
Time stamps, Time offset
64
Which of the following is used to validate a certificate when it is presented to a user?
OCSP - (Online Certificate Status Protocol)
65
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
Steganography
66
A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?
SSH key
67
An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below: Which of the following BEST describes the type of password attack the attacker is performing?
Dictionary
68
A security analyst is reviewing logs on a server and observes the following output: Which of the following is the security analyst observing?
A dictionary attack
69
After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
The public ledger
70
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM: Which of the following describes what is occurring?
An attacker is utilizing a brute-force attack against the account.
71
In which of the following common use cases would steganography be employed?
Obfuscation
72
A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are: www.company.com (main website) contactus.company.com (for locating a nearby location) quotes.company.com (for requesting a price quote) The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?
Wildcard
73
A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:
Brute-force
74
A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message, “Special privileges assigned to new login.” Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?
Pass-the-hash
75
A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption. Which of the following would be BEST suited to secure this information?
Tokenization
76
Which of the following encryption algorithms require one encryption key? (Choose two.)
3DES, RC4
77
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
Weak encryption
78
An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document’s contents, the author notices some additional verbiage that was not originally in the document but can’t validate an integrity issue. Which of the following attacks was used?
Collision
79
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
Tokenizing the credit cards in the database
80
A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?
Salting
81
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?
Revoke the code-signing certificate.
82
A security analyst is hardening a Linux workstation and must ensure it has public keys forwarded to remote systems for secure login. Which of the following steps should the analyst perform to meet these requirements? (Select TWO)
Forward the keys using ssh-copy-id., Forward the keys using ssh-keygen.
83
While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?
Rainbow table
84
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?
Perform a mathematical operation on the passwords that will convert them into unique strings
85
A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
0
86
An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following should the organization consider before implementation? (Select TWO).
The identity federation protocol, The encryption method
87
Which of the following would MOST likely support the integrity of a voting machine?
Blockchain
88
A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?
Supply chain
89
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?
Calculate the checksum using a hashing algorithm
90
A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?
Key Exchange
91
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events: To better understand what is going on, the analyst runs a command and receives the following output: Based on the analyst’s findings, which of the following attacks is being executed?
Spraying
92
A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns?
TLS
93
Which of the following algorithms has the SMALLEST key size?
DES (64)
94
A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following: * The manager of the accounts payment department is using the same password across multiple external websites and the corporate account. * One of the websites the manager used recently experienced a data breach. * The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country. Which of the following attacks has MOST likely been used to compromise the manager's corporate account?
Credential stuffing
95
Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)
Hashing, Private key
96
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
Tokenizing the credit cards in the database
97
An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on other company servers without issue. Which of the following is the MOST likely reason for this finding?
The required intermediate certificate is not loaded as part of the certificate chain.
98
Which of the following strengthens files stored in the /etc/shadow directory?
Salting
99
A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multi cloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would BEST meet the architect's objectives?
HSMaaS
100
Given the following logs: Which of the following BEST describes the type of attack that is occurring?
Dictionary