
sopa4-151-299

Test Title:
sopa4-151-299

Description:
word search

Creation Date: 2025/07/29

Category: Leisure

Number of Questions: 150

Rating: (0)
Syllabus:

Which of the following does a user often agree to when logging in to a domain?. MAC. EULA. EAP. AUP.

A company identified the potential for malicious insiders to harm the organization. Which of the following measures should the organization implement to reduce this risk?. Web application firewall. Intrusion detection system. User behavior analytics. Unified threat management.

A security analyst receives the following alert from the SIEM platform: Which of the following attack types best describes this event?. Brute force. Impersonation. Denial of service. Impossible travel.

An organization keeps servers with confidential information in the same network as workstations. An attacker compromises a workstation and moves laterally to a server. Which of the following could have prevented the attacker from accessing the server?. Virtual private networks. Load balancers. Proxy servers. Security zones.

Which of the following would a service provider supply as an assurance for a disposal service as part of a disposal process?. Retention. Insurance. Certification. Classification.

While a user reviews their email, a host gets infected by malware that came from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?. Social engineering. Removable media and cables. Password management. Operational security.

An administrator needs to ensure all emails sent and received by a specific address are stored in a non-alterable format. Which of the following best describes this forensic concept?. Discovery. Chain of custody. Legal hold. Acquisition.

Which of the following is a qualitative approach to risk analysis?. Including the MTTR and MTBF as part of the risk assessment. Tracking and documenting network risks using a risk register. Assigning a level of high, medium or low to the risk rating. Using ALE and ARO to help determine whether a risk should be mitigated.

Which of the following is the greatest advantage that network segmentation provides?. Security zones. Decreased resource utilization. Configuration enforcement. End-to-end encryption. Enhanced endpoint protection.

Which of the following data types relates to data sovereignty?. Personally identifiable data while traveling. Data at rest outside of a country's borders. Health data shared between doctors in other nations. Data classified as public in other countries.

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?. Cross-site scripting. Race condition. VM escape. SQL injection.

Which of the following definitions best describes the concept of correlation?. Analyzing the log files of the system components. Retaining data to identify patterns of malicious activity. Making a record of the events that occur in the system. Combining relevant logs from multiple sources into one location.

Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?. Virtualizing and migrating to a containerized instance. Monitoring and implementing compensating controls. Removing and sandboxing to an isolated network. Patching and redeploying to production as quickly as possible.

A company recently purchased a new building that does not have an existing wireless or wired infrastructure. A network engineer at the company needs to determine the placement of the access points in the new building. Which of the following accurately describes the task the network engineer will be performing?. Internal assessment. Site survey. Corporate reconnaissance. Heat map.

Which of the following should a systems administrator do after performing remediation activities?. Isolate. Classify. Archive. Rescan.

A company recently set up a system for employees to access their files remotely. However, the IT team has noticed that some employees are using personal devices to access the system. Which of the following security techniques could help mitigate the risk of unauthorized connections by personal devices?. Conditional Access Policies. Multifactor Authentication. Data Loss Prevention. Cloud Access Security Broker.

A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker's source IP address?. OS security. Endpoint. Application. Firewall.

An organization wants to increase an application's resiliency by configuring access to multiple servers in the organization's geographically dispersed environment. Which of the following best describes this architecture?. Virtualized. Multitenant. Load balanced. Containerized.

A security analyst notices unusual behavior on the network. The IDS on the network was not able to detect the activities. Which of the following should the security analyst use to help the IDS detect such attacks in the future?. Signature. Trends. Honeypot. Reputation.

A security analyst examining a penetration test report notices that the tester pivoted to critical internal systems with the same local user ID and password. Which of the following would help prevent this in the future?. Implement centralized authentication with proper password policies. Connect the system to an external authentication server. Add password complexity rules and increase password history limits. Limit the ability of user accounts to change passwords.

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?. Scheduling vulnerable jobs in /etc/crontab. Setting weak passwords in /etc/shadow. Adding a fake account to /etc/passwd. Creating a false text file in /docs/salaries.

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?. Supply chain. Unskilled attacker. Shadow IT. Hacktivist.

An attacker defaces a company's website and refuses to relinquish control until the company removes specific harmful chemicals from its products. Which of the following best describes this type of threat actor?. Unskilled attacker. Espionage. Hacktivist. Organized crime.

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?. Acquisition process. Asset tracking. Sanitization procedure. Change management.

Which of the following sites offers immediate service restoration following a disaster?. Hot. Cloud-based. Cold. Warm.

Which of the following architecture models ensures that critical systems are physically isolated on the network to prevent access from users with remote access privileges?. Virtualized. Serverless. Air-gapped. Segmentation.

An organization found gaps in its software development environment and is implementing compensating controls to better protect its systems from external threats. Which of the following would be most effective? (Select two). Network segmentation. Data encryption. Access control. Expanded logging. Application allow list. Platform hardening.

Which of the following actions best addresses a vulnerability found on a company's web server?. Decommissioning. Monitoring. Segmentation. Patching.

Which of the following can best contribute to prioritizing patch applications?. CVSS. SCAP. CVE. OSINT.

An organization designs an inbound firewall with a fail-open configuration while implementing a website. Which of the following would the organization consider to be the highest priority?. Confidentiality. Integrity. Availability. Non-Repudiation.

Which of the following could potentially be introduced at the time of side loading?. Rootkit. Buffer overflow. On-path attack. User impersonation.

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?. Physical. Compensating. Operational. Detective.

Which of the following threat vectors would a user be vulnerable to when using a smartphone to scan a two-dimensional matrix barcode?. Phishing. Quishing. Vishing. Smishing.

Which of the following is the most likely reason a security analyst would review SIEM logs?. To see correlations across multiple hosts. To check for recent password reset attempts. To assess the scope of a privacy breach. To monitor for potential DDoS attacks.

According to various privacy rules and regulations, users have the power to request that all data pertaining to them is deleted. This is known as: Data retention. Right to be forgotten. Information deletion. Attestation and acknowledgement.

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?. Disable remote log-in through Group Policy. Move the device into an air-gapped environment. Convert the device into a sandbox. Remote wipe the device using the MDM platform.

Which of the following is used to improve security and overall functionality without losing critical application data?. Decommissioning. Reformatting. Patching. Encryption.

A government worker secretly copies classified files that contain defense tactics information to an external drive. The government worker then gives the external drive to a corrupt organization. Which of the following best describes the motivation of the worker?. Espionage. Financial gain. Data exfiltration. Blackmail.

An auditor notices that, before logging into the firewall, an employee opens a document in a shared folder that contains administrative credentials. Which of the following should the auditor recommend implementing?. Acceptable use policy. Situational awareness. Password management. Operational security.

A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?. Network traffic. Static. Sandbox. Package monitoring.

Which of the following is the best physical security measure that prevents unauthorized vehicles from entering a data center while still allowing foot traffic?. Video surveillance. Fencing. Retractable bollards. Access control vestibules.

Which of the following can be best used to discover a company's publicly available breach information?. SIEM. CVSS. CVE. OSINT.

Which of the following would best ensure a controlled version release of a new software application?. Quantified risk analysis. Business continuity planning. Static code analysis. Change management procedures.

Which of the following is an advantage of a microservice-based architecture over traditional software architecture?. The internal structure of the code is hidden from users, making exploits more difficult to write. The services are written by a single team and can be debugged more quickly. Managing communication between microservices is more streamlined. Updates can be done one or more times per day if security issues arise.

The internal security team is investigating a suspicious attachment and wants to perform a behavior analysis in an isolated environment. Which of the following will the security team most likely use?. Sandbox. Jump server. Container. Work computer.

A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?. Data exfiltration. Business email compromise. Pretext calling. Phishing campaign.

A penetration tester visits a client's website and downloads the site's content. Which of the following actions is the penetration tester performing?. Due diligence. Unknown environment testing. Vulnerability scan. Passive reconnaissance.

Users report that certain processes from a batch job are not working correctly and various resources are unavailable. An application owner provides the source and destination address information, and the errors are replicated for troubleshooting purposes. Which of the following should the security team perform next to help isolate the ongoing issue?. Penetration testing. Packet capture. Vulnerability scan. Firewall rules analysis.

A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?. Honeytoken. Honeynet. Honey account. Honeypot.

An MSSP manages firewalls for hundreds of clients. Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?. Benchmarks. Netflow. SCAP. SNMP.

Which of the following actions would reduce the number of false positives for an analyst to manually review?. Replace an EDR tool with an XDR solution. Disable AV heuristics scanning. Create playbooks as part of a SOAR platform. Redefine the patch management process.

Which of the following should a security analyst use to prioritize the remediation of a vulnerability?. CVSS. OSINT. IoC. CVE.

In which of the following will unencrypted PLC management traffic most likely be found?. VPN. SDN. SCADA. IoT.

A recent review of logs indicates many attempts to join an internal wireless network from external devices. The connections appear to be originating from surrounding buildings. Which of the following would best help minimize the visibility of the wireless network?. Pre-shared keys. Heat maps. Site survey. Mobile device management.

Which of the following activities would involve members of the incident response team and other stakeholders simulating an event?. Root cause analysis. Digital forensics. Tabletop exercise. Lessons learned.

Which of the following vulnerabilities results in an application running extremely slowly due to an abnormally large number of incoming packets?. Race conditions. Side loading. Buffer overflow. Cross-site scripting.

An organization purchases software from an overseas company. The organization's IDS solution detects that advertising data from the software is unexpectedly reporting back to the overseas company. Which of the following threat vectors does this best describe?. Insider threat. Supply chain. Espionage. Nation state.

Which of the following is the first step to secure a newly deployed server?. Add the device to the ACL. Update the current version of the software. Upgrade the OS version. Close unnecessary service ports.

Which of the following solutions would most likely be used in the financial industry to mask sensitive data?. Tokenization. Hashing. Salting. Steganography.

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?. To ensure that errors are not passed to other systems. To allow for business insurance to be purchased. To defend against insider threats altering banking details. To prevent unauthorized changes to financial data.

An organization decides that most employees will work remotely. The existing does not have adequate bandwidth, and the content filtering proxy is on premises. Which of the following strategies will enable the business to securely achieve its objective while also being prepared to quickly scale for growth?. Purchase a SOAR solution to decrease response times for remote workers. Install with an SASE platform and deploy the agent to all laptops. Install a secondary VPN and proxy at the disaster recovery site, and automate failover. Purchase a large internet circuit and create a NAT policy for the proxy.

Which of the following data protection strategies can be used to confirm file integrity?. Encryption. Obfuscation. Hashing. Masking.

Which of the following is the most important aspect of analyzing vulnerability scan reports?. Identifying false positives. Discovering credential failures. Ranking by CVSS. Assessing organizational risk tolerance.

Which of the following can be best used to discover a company's publicly available breach information?. OSINT. CVE. CVSS. SIEM.

A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them. Which of the following tools will help prevent this from reoccurring?. UBA. FIM. NAC. IDS.

Which of the following agreements defines response time, escalation points and performance metrics?. MOA. SLA. NDA. BPA.

Which of the following is a vulnerability concern for end-of-life hardware?. Newly released software may require computing resources not available on legacy hardware. Failure to follow hardware disposal procedures could result in unintended data release. The supply chain may not have replacement hardware. The vendor may stop providing patches and updates.

Which of the following describes a situation where a user is authorized before being authenticated?. Race condition. Privilege escalation. Impersonation. Tailgating.

A database administrator must replicate the production environment for a new development project. The data owner wants to ensure that the production data will be secured before being moved to another environment. Which of the following will be most likely used to protect the data?. Segmentation. Encryption. Masking. Hashing.

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?. Metadata. Netflow log. Application log. System log.

Which of the following is used to calculate the impact to an organization per cybersecurity incident?. SLE. ALE. ARO. SLA.

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?. SLA. MOU. BPA. MOA.

Which of the following can be deployed in data centers as a protection against an undervoltage event?. Surge protector. Resource management. Uninterruptible power supply. Load balancer.

Which of the following techniques would identify whether data has been modified in transit?. Tokenization. Hashing. Encryption. Masking.

Which of the following hardening techniques must be applied on a container image before deploying it to a production environment? (Select two). Add an SFTP server. Remove default applications. Disable telnet. Reconfigure the DNS. Install a NIPS. Delete the public certificate.

Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?. Symmetric key. Asymmetric key. Private key. Public key.

A security administrator must use a strategy to protect the company data. The security administrator decides to deploy FDE on the end user device and TLS for all web connections. Which of the following concepts are being used? (Select two). Data at rest. Data sovereignty. Data in transit. Data redundancy. Data segmentation. Data in use.

A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy. Which of the following vulnerability types will the analyst most likely find on the workstations?. Zero-day. Supply chain. Misconfiguration. Malicious update.

Which of the following documents details how to accomplish a technical security task?. Policy. Guideline. Standard. Procedure.

A company is experiencing loss of availability due to excessive traffic to their front-end web servers. The company hires a digital forensics expert to investigate the incident. Which of the following logs should the digital forensics expert review first to diagnose the details of the incident?. Switch. Router. Firewall. Load balancer.

A security analyst discovers multiple vulnerabilities and must mitigate them. The analyst must ensure protection against the following attacks: 1. SQL injection 2. Buffer overflow 3. Session hijacking. Which of the following solutions will achieve this goal?. SD-WAN. UTM. IPS. WAF.

During a recent penetration test, the tester was able to plug a machine into an open wall jack, receive an IP address, and access internal resources and the internet. Which of the following solutions should the organization leverage to address this issue?. SASE. 802.1X. 802.11. UTM.

An analyst receives alerts for a CPU utilization spike on the servers that host a public website. The analyst determines that the servers are running outdated software and have experienced an attempted DoS event. Which of the following data sources will help determine the root cause of the attempted attack?. Firewall logs. Vulnerability scan report. Asset tracking database. SIEM log.

Which of the following is used to monitor suspicious traffic in real time between multiple systems within an organization?. NetFlow. Development network. Honeynet. Infrared sensor.

Which of the following should be used to select a label for a file based on the file's value, sensitivity or applicable regulations?. Certification. Verification. Inventory. Classification.

Which of the following most securely protects data at rest?. TLS 1.2. AES-256. Salting. Masking.

After completing an annual external penetration test, a company receives the following guidance: 1. Decommission two unused web servers currently exposed to the internet 2. Close 18 open and unused ports found on their existing production web servers 3. Remove company email address and contact info from public domain registration records. Which of the following security practices best describes these recommendations?. Vulnerability assessment. Attack surface reduction. Business impact analysis. Tabletop exercise.

The security team notices that the always-on VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?. Create a public NAT to the on-premises proxy. Implement network access control. Configure the local gateway to point to the VPN. Install a host-based content filtering solution.

While browsing a web page, a user receives a pop-up with a link telling the user to navigate to another site. To which of the following is the site vulnerable?. XSS. DoS. TOC. SQLi.

Which of the following methods is the most effective for reducing vulnerabilities?. Using a scan-patch-scan process. Implementing a bug bounty program. Joining an information-sharing organization. Patching low-scoring vulnerabilities first.

A company's chief information security officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidly analyzes host and network data from potentially compromised systems and forwards the data for further correlation and reporting. Which of the following tools should the incident response team deploy?. IPS. SIEM. NAC. EDR.

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will document management's perspective that the application is no longer applicable?. Acknowledgement and attestation. Right to be forgotten. Due care and due diligence. Data classification policies.

Which of the following is a reason to perform a one-time risk assessment?. Complying with a regulation. Updating the risk register loss expectancy. Quantifying an annual loss expectancy. Decommissioning an application.

A CIRT team updates their playbooks to include instructions to respond to a ransomware attack. To prepare for a real event, the team performs a simulation and assesses their performance afterward. Which of the following activities does this describe?. Root cause analysis. Lessons learned. Disaster recovery planning. Tabletop exercise.

A company is experiencing loss of availability due to excessive traffic to their front-end web servers. The company hires a digital forensics expert to investigate the incident. Which of the following logs should the digital forensics expert review first to diagnose the details of this incident?. Router. Switch. Load balancer. Firewall.

A customer reports that software the customer downloaded from a public website has malware in it. However, the company that created the software denies any malware in its software at delivery time. Which of the following techniques will address this concern?. Secure storage. Input validation. Code signing. Static code analysis.

A security analyst uses a base64 decoder to reveal malicious code. Which of the following best describes the output?. Confidential. Obfuscated. Tokenized. Human-readable.

An administrator is applying mandatory patches to a critical system that is used in the finance department. Which of the following should the administrator provide to the system owner?. Approval process. Maintenance window. Test results. Impact analysis.

Which of the following is the most likely benefit of conducting an internal audit?. Control gaps are identified for remediation. Findings are reported to shareholders. Reports are not formal and can be reassigned. The need for external audits is eliminated.

An attacker used XSS to compromise a web server. Which of the following solutions could have been used to prevent this attack?. WAF. UTM. NAC. NGFW.

A security analyst wants to automate a task that shares data between programs. Which of the following is the best option for the analyst to use?. RDP. API. SOAR. SFTP.

The board of a company needs to tell the leadership team which activities are too risky to undertake during business operation. Which of the following risk management strategies does the board need to explain to the leadership team?. The company risk register. The company risk assessment. The company risk tolerance. The company risk acceptance.

A chief security officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?. The IT team requested a new jump host. The security team created a honeynet. The company built a new file-sharing site. The security team is integrating with an SASE platform.

Which of the following is a risk for a company using end-of-life applications on its network?. Insecure networks. Open service ports. Vulnerable software. Default credentials.

An organization discovers that its cold site does not have enough storage and computers available. Which of the following was most likely the cause of this failure?. Backups. Load balancing. Platform diversity. Capacity planning.

A system administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?. Isolation. HIPS. ACL. Monitoring.

A user attempts to send an invoice to a customer. When the user follows up with the customer to see if the invoice was received, the customer informs the user that it went to the spam folder. The management team has asked the system administrator to implement measures to reduce the likelihood of this happening again by implementing server authentication. Which of the following should the system administrator implement?. DMARC. DNSSEC. SPF. XDR.

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?. E-discovery. User provisioning. Firewall log export. Root cause analysis.

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?. Creating a rainbow table to protect passwords in a list. Adding extra characters at the end to increase password length. Using mathematical algorithms to make passwords unique. Generating tokens to make the passwords temporal.

A security analyst receives an alert from a front-end web server connected to a database back end. The alert contains the following logs. SELECT FROM user WHERE UserID = 1 =1 SELECT FROM user WHERE username = ‘admin’- -‘ AND password = ‘password’ IF 1=1 THEN dbms_lock.sleep (20) ELSE dbms_lock.sleep (0); END IF; END Which of the following attacks is occurring?. Buffer overflow. Brute-force. Injection. Replay.

Which of the following makes IaC a preferred security architecture over traditional infrastructure models?. Outsourcing to a third-party with more expertise in network defense is possible. Optimization can occur across a number of computing instances. Configuration can be better managed and replicated. Common attacks are less likely to be effective.

Which of the following would help reduce alert fatigue?. Penetration testing. Compensating controls. Log aggregation. Rule tuning.

A company experiences a breach. The investigation reveals that the threat actor used a zero-day vulnerability to gain access and move laterally. Which of the following would best improve the company's security posture and minimize the time to detect this type of incident?. DLP. NAC. UBA. IDS.

An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?. Salting. Data masking. Key escrow. Tokenization.

A company's security team is reviewing its business continuity plan and must determine the amount of time needed for operations to resume after a disaster. Which of the following describes the time frame the security team is trying to determine?. Recovery point objective. Mean time to repair. Recovery time objective. Mean time between failures.

A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentation should the security analyst request from the SaaS application vendor?. Service-level agreement. Third-party audit. Data privacy agreement. Statement of work.

Which of the following is a type of vulnerability that may result from outdated algorithms or keys?. Cryptographic. Input validation. Buffer overflow. Hash collision.

A security team installs an IPS on an organization's network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?. Packet inspection. Logging and reporting. Allow list policies. Firewall rules.

A user tries to log in to a bank website using the address ww.userbahk.com, which installs malware on the user's computer. However, when the user tries to log in from another computer using the address ww.userbank.com, logging in works as expected. Which of the following attacks did the user experience?. Impersonating. Typosquatting. Phishing. Pretexting.

Which of the following methods to secure data is most often used to protect data in transit?. Obfuscation. Permission restriction. Hashing. Encryption.

Which of the following can automate vulnerability management?. CVSS. OSINT. SCAP. CVE.

Which of the following best describes when a user installs an application from an unofficial store?. Jailbreaking. Code signing. Side loading. Privilege escalation.

A company wants to connect several hundred branch locations in a mesh model. All the users in each branch should be able to reach the data center as well as the other branches. The branches have two ISP links, and both links should be utilized to increase efficiency. Which of the following technologies should the company use to meet these requirements?. SAME. SDN. SAML. SD-WAN.

A group of people is working together to run multiple ransomware attacks against targets that the group selected to yield the most financial gain. Which of the following best describes this type of activity?. Hacktivism. Shadow IT. Nation-state actor. Organized crime.

A security analyst is prioritizing vulnerability scan results using a risk-based approach. Which of the following is the most efficient resource for the analyst to use?. Business impact analysis. Exposure factor. Risk register. Common Vulnerability Scoring System.

Which of the following is a benefit of an RTO when conducting a business impact analysis?. It determines the state that systems should be restored to following an incident. It determines the likelihood of an incident and its cost. It determines the roles and responsibilities for incident responders. It determines how long an organization can tolerate downtime after an incident.

An employee decides to collect PII data from the company's system for personal use. The employee compresses the data into a single encrypted file and sends it to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue? (Select two). Privacy legislation. Phishing. Social engineering. Company compliance. Risk management.

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?. To eliminate buffer overflows at the application layer. To secure end-of-life devices from incompatible firmware updates. To avoid hypervisor attacks through VM escapes. To prevent users from changing the OS of mobile devices.

Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?. ICS. Containers. Microservers. IoT.

Which of the following security controls are a company implementing by deploying HIPS? (Select two). Directive. Corrective. Physical. Detective. Preventive. Compensating.

During an assessment, an organization provides a penetration tester with a website URL and login credentials. However, the tester does not have access to the source code. Which of the following describes the type of test being performed?. Unknown. Obfuscated. Partially known. Known.

A user receives an aggressive text from an unknown sender who is demanding money. Which of the following attacks is this an example of?. Scareware. Typosquatting. Smishing. Impersonation.

An administrator must authenticate users to a system using credentials already authenticated by a business partner's LDAP system. Which of the following should the administrator deploy to enable this functionality?. Interoperability. OAUTH. Federation. Media access control.

An administrator downloads a patch from outside of the official vendor's site and applies the patch to a recent critical operating system CVE. After deploying the patch, the SIEM generates hundreds of alerts of malware installations across the enterprise. Which of the following is the most likely cause of the alerts?. Third-party compromise. Malicious code. On-path attack. Collision attack.

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring in the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?. Shadow IT. DMARC failure. Unskilled attacker. Credential stuffing.

A Chief Information Security Officer wants to enhance security capabilities to block PII from being emailed or downloaded to unapproved external media. Which of the following solutions will accomplish this goal?. Implementing secure protocols on servers and endpoints. Deploying DLP software on servers and endpoints. Configuring servers and endpoints to use a centralized web proxy. Installing EDR software on servers and endpoints.

A security analyst identifies an employee who added an unauthorized wireless router to an office branch. After an investigation, the router is removed, and the employee is given mandatory retraining. Which of the following best describes this incident?. Shadow IT. Hacktivist. Nation-state. Unskilled attacker.

A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers. Which of the following would prevent this from reoccurring?. Risk analysis. Backout plan. Change approval. User notification.

An employee receives a work phone. Instead of starting up with the normal operating system, the phone loads to a gaming platform using administrative credentials. Which of the following issues occurred?. Misconfiguration. Side loading. Malicious update. Jailbreaking.

A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?. Standard. External. Internal. Regulation.

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator were to develop a fault during an extended outage. Which of the following is the team most likely to consider when conducting and planning infrastructure maintenance activities?. MTTR. ARO. RPO. MTBF.

Which of the following prevents unauthorized modification to internal processes, assets and security controls?. Change management. Acceptable use policy. Playbooks. Incident response.

An analyst discovers a suspicious item in the SQL server logs. Which of the following could be evidence of an attempted SQL injection?. cd ../ ../ ../. cat /etc/shadow. UserId = 10 OR 1 = 1. dif 25.36.99.11.

Which of the following metrics impacts the backup schedule as part of the BIA?. RTO. RPO. MTBF. MTTR.

A security analyst receives the following alert from the SIEM platform: Which of the following event types is most likely occurring in this scenario?. Denial of service. Brute force. Impossible travel. Impersonation.

A company wants to ensure that a mission-critical database should only be accessed from specific internal IP addresses. Which of the following should the company deploy to meet this requirement?. Web application firewall. Network tap. Intrusion prevention system. Jump server.

Which of the following is the best physical security control to prevent damage from a vehicle?. Lighting. Fencing. Bollards. Security guard.

A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?. Classification. Procurement. Certification. Encryption.

Which of the following could potentially be introduced at the time of side loading?. Rootkit. Buffer overflow. On-path attack. User impersonation.

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?. Device fingerprinting. Compliance attestation. 802.1x. NAC.
