1) An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of?
a) MTBF (Mean Time Between Failures)
b) RPO (Recovery Point Objective)
c) MTTR
d) RTO (Recovery Time Objective)

2) A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: recovery from power outages, and always-available connectivity in case of an outage. The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?
a) Lease a point-to-point circuit to provide dedicated access.
b) Connect the business router to its own dedicated UPS.
c) Purchase services from a cloud provider for high availability.
d) Replace the business's wired network with a wireless network.

3) A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause?
a) Checksums
b) Watermarks
c) Order of volatility
d) Log analysis
e) Right-to-audit clause

4) A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
a) A capture-the-flag competition
b) A phishing simulation
c) Physical security training
d) Basic awareness training

5) A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following: Which of the following MOST likely occurred?
a) A reverse proxy was used to redirect network traffic
b) An SSL strip MITM attack was performed
c) An attacker temporarily pwned a name server
d) An ARP poisoning attack was successfully executed

6) Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?
a) SOAR playbook
b) Security control matrix
c) Risk management framework
d) Benchmarks

7) Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
a) An ARO
b) An MOU
c) An SLA
d) A BPA

8) A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
a) Segmentation
b) Firewall whitelisting
c) Containment
d) Isolation

9) Which of the following ISO standards is certified for privacy?
a) ISO 9001
b) ISO 27002
c) ISO 27701
d) ISO 31000

10) Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
a) DLP (Data Loss Prevention)
b) HIDS (Host Intrusion Detection System)
c) EDR (Endpoint Detection and Response)
d) NIPS (Network Intrusion Prevention System)

11) A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
a) Physical
b) Detective
c) Preventive
d) Compensating

12) A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
a) Unsecure protocols
b) Default settings
c) Open permissions
d) Weak encryption

13) A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?
a) Create consultant accounts for each region, each configured with push MFA notifications.
b) Create one global administrator account and enforce Kerberos authentication.
c) Create different accounts for each region, limit their logon times, and alert on risky logins.
d) Create a guest account for each region, remember the last ten passwords, and block password reuse.

14) A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
a) Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
b) Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
c) Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
d) Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence

15) A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).
a) Full-device encryption
b) Network usage rules
c) Geofencing
d) Containerization
e) Application whitelisting
f) Remote control

16) A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?
a) AH (Authentication Header)
b) ESP (Encapsulating Security Payload)
c) SRTP (Secure Real-time Transport Protocol)
d) LDAP (Lightweight Directory Access Protocol)

17) Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
a) Watering-hole attack
b) Credential harvesting
c) Hybrid warfare
d) Pharming

18) Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot access the website at all.
The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?
a) DDoS
b) Man-in-the-middle
c) MAC flooding
d) Domain hijacking

19) An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
a) Nmap
b) cURL
c) Netcat
d) Wireshark

20) A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following: Which of the following attacks has occurred?
a) IP conflict
b) Pass-the-hash
c) MAC flooding
d) Directory traversal
e) ARP poisoning

21) An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business?
a) Screen locks
b) Application management
c) Geofencing
d) Containerization

22) An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?
a) An external security assessment
b) A bug bounty program
c) A tabletop exercise
d) A red-team engagement

23) A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
a) A firewall
b) A device PIN
c) A USB data blocker
d) Biometrics

24) A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
a) b) c) d)

25) A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?
a) Network location
b) Impossible travel time
c) Geolocation
d) Geofencing

26) A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements: Which of the following should the network administrator implement to BEST meet these requirements?
a) HIDS
b) NIDS
c) HIPS
d) NIPS

27) An analyst visits an internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following: Which of the following BEST describes the attack that was attempted against the forum readers?
a) SQLi attack
b) DLL attack
c) XSS attack
d) API attack

28) Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO).
a) Offboarding
b) Mandatory vacation
c) Job rotation
d) Background check
e) Separation of duties
f) Acceptable use

29) When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?
a) Acceptance
b) Mitigation
c) Avoidance
d) Transference

30) A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities.
Which of the following would BEST meet this need?
a) CVE
b) SIEM
c) SOAR
d) CVSS

31) A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO)
a) VPN
b) Drive encryption
c) Network firewall
d) File-level encryption
e) USB blocker
f) MFA

32) Which of the following types of controls is a turnstile?
a) Physical
b) Detective
c) Corrective
d) Technical

33) After entering a username and password, an administrator must gesture on a touch screen. Which of the following demonstrates what the administrator is providing?
a) Multifactor authentication
b) Something you do
c) Biometric
d) Two-factor authentication

34) A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent?
a) Rainbow table
b) Brute-force
c) Password-spraying
d) Dictionary

35) Which of the following algorithms has the SMALLEST key size?
a) DES
b) Twofish
c) RSA
d) AES

36) A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
a) Salting the magnetic strip information.
b) Encrypting the credit card information in transit.
c) Hashing the credit card numbers upon entry.
d) Tokenizing the credit cards in the database.

37) A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?
a) The S/MIME plug-in is not enabled.
b) The SSL certificate has expired.
c) Secure IMAP was not implemented.
d) POP3S is not supported.
38) A system administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?
a) Role-based access control
b) Discretionary access control
c) Mandatory access control
d) Attribute-based access control

39) Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)
a) Unsecure protocols
b) Use of penetration-testing
c) Weak passwords
d) Included third-party libraries
e) Vendors/supply chain
f) Outdated anti-malware

40) To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?
a) MaaS
b) IaaS
c) SaaS
d) PaaS

41) A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?
a) Segmentation
b) Containment
c) Geofencing
d) Isolation

42) A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution?
a) OAuth
b) TACACS+
c) SAML
d) RADIUS

43) The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?
a) Install a smart meter on the staff WiFi
b) Place the environmental systems in the same DHCP scope as the staff WiFi
c) Implement Zigbee on the staff WiFi access points
d) Segment the staff WiFi network from the environmental systems network

44) A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money: Which of the following types of attack is MOST likely being conducted?
a) SQLi
b) CSRF
c) Session replay
d) API

45) A security analyst is logged into a Windows file server and needs to see who is accessing files and from which computers. Which of the following tools should the analyst use?
a) Netstat
b) net share
c) netcat
d) nbstat
e) net session

46) After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?
a) Risk acceptance
b) Risk avoidance
c) Risk transference
d) Risk mitigation

47) A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO)
a) An air gap
b) A cold aisle
c) Removable doors
d) A hot aisle
e) An IoT thermostat
f) A humidity monitor

48) A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop?
a) An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack
b) An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
c) An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
d) An attacker was able to phish user credentials successfully from an Outlook user profile

49) A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements?
a) An NGFW
b) A CASB
c) Application whitelisting
d) An NG-SWG

50) An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?
a) Zero day
b) Default permissions
c) Weak encryption
d) Unsecure root accounts
