Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Question # 4

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Full Access
Question # 5

A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

A.

ARF

B.

ISACs

C.

Node.js

D.

OVAL

Full Access
Question # 6

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

A.

Recovery point objective

B.

Recovery time objective

C.

Mission-essential functions

D.

Recovery service level

Full Access
Question # 7

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room.The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Full Access
Question # 8

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

A.

Importing the availability of messages

B.

Ensuring non-repudiation of messages

C.

Enforcing protocol conformance for messages

D.

Assuring the integrity of messages

Full Access
Question # 9

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Full Access
Question # 10

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Full Access
Question # 11

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

A.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

B.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

C.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

D.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Full Access
Question # 12

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Full Access
Question # 13

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

A.

Designing data protection schemes to mitigate the risk of loss due to multitenancy

B.

Implementing redundant stores and services across diverse CSPs for high availability

C.

Emulating OS and hardware architectures to blur operations from CSP view

D.

Purchasing managed FIM services to alert on detected modifications to covered data

Full Access
Question # 14

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Full Access
Question # 15

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

A.

Deploy a SOAR tool.

B.

Modify user password history and length requirements.

C.

Apply new isolation and segmentation schemes.

D.

Implement decoy files on adjacent hosts.

Full Access
Question # 16

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

A.

Create a full inventory of information and data assets.

B.

Ascertain the impact of an attack on the availability of crucial resources.

C.

Determine which security compliance standards should be followed.

D.

Perform a full system penetration test to determine the vulnerabilities.

Full Access
Question # 17

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

A.

Automated vulnerability scanning

B.

Centralized logging, data analytics, and visualization

C.

Threat hunting

D.

Threat emulation

Full Access
Question # 18

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

A.

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Full Access
Question # 19

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Full Access
Question # 20

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

A.

Threat hunting

B.

A system penetration test

C.

Log analysis within the SIEM tool

D.

The Cyber Kill Chain

Full Access
Question # 21

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Full Access
Question # 22

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

A.

65

B.

77

C.

83

D.

87

Full Access
Question # 23

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Full Access
Question # 24

A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Full Access
Question # 25

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

A.

Review a recent gap analysis.

B.

Perform a cost-benefit analysis.

C.

Conduct a business impact analysis.

D.

Develop an exposure factor matrix.

Full Access
Question # 26

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

A.

0.5

B.

8

C.

50

D.

36,500

Full Access
Question # 27

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is t he NEXT step of the incident response plan?

A.

Remediation

B.

Containment

C.

Response

D.

Recovery

Full Access
Question # 28

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

A.

Apply for a security exemption, as the risk is too high to accept.

B.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.

Accept the risk, as compensating controls have been implemented to manage the risk.

D.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Full Access
Question # 29

A company is repeatedly being breached by hackers who valid credentials. The company’s Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

A.

Implement strict three-factor authentication.

B.

Implement least privilege policies

C.

Switch to one-time or all user authorizations.

D.

Strengthen identify-proofing procedures

Full Access
Question # 30

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

A.

Watermarking

B.

DRM

C.

NDA

D.

Access logging

Full Access
Question # 31

Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?

A.

Federation

B.

RADIUS

C.

TACACS+

D.

MFA

E.

ABAC

Full Access
Question # 32

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

A.

Include all available cipher suites.

B.

Create a wildcard certificate.

C.

Use a third-party CA.

D.

Implement certificate pinning.

Full Access
Question # 33

Which of the following are risks associated with vendor lock-in? (Choose two.)

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Full Access
Question # 34

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

A.

Instance-based

B.

Storage-based

C.

Proxy-based

D.

Array controller-based

Full Access
Question # 35

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.

• Static code reviews are performed adequately.

• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

A.

Implement short maintenance windows.

B.

Perform periodic account reviews.

C.

Implement job rotation.

D.

Improve separation of duties.

Full Access
Question # 36

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Full Access
Question # 37

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Full Access
Question # 38

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

A.

Latency

B.

Data exposure

C.

Data loss

D.

Data dispersion

Full Access
Question # 39

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Full Access
Question # 40

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Full Access
Question # 41

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Full Access
Question # 42

A security architect Is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been Implemented to prevent these types of risks?

A.

Code reviews

B.

Supply chain visibility

C.

Software audits

D.

Source code escrows

Full Access
Question # 43

A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

A.

Monitor the Application and Services Logs group within Windows Event Log.

B.

Uninstall PowerSheII from all workstations.

C.

Configure user settings in Group Policy.

D.

Provide user education and training.

E.

Block PowerSheII via HIDS.

Full Access
Question # 44

Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

A.

Company A-B SLA v2.docx

B.

Company A OLA v1b.docx

C.

Company A MSA v3.docx

D.

Company A MOU v1.docx

E.

Company A-B NDA v03.docx

Full Access
Question # 45

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

A.

Encryption in transit

B.

Legal issues

C.

Chain of custody

D.

Order of volatility

E.

Key exchange

Full Access
Question # 46

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

A.

Steganography

B.

E-signature

C.

Watermarking

D.

Cryptography

Full Access
Question # 47

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

A.

SLA

B.

BIA

C.

BCM

D.

BCP

E.

RTO

Full Access
Question # 48

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

A.

proxy

B.

Tunneling

C.

VDI

D.

MDM

E.

RDP

F.

MAC address randomization

Full Access
Question # 49

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Full Access
Question # 50

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Full Access
Question # 51

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Full Access
Question # 52

The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:

* Monitors traffic to and from both local NAS and cloud-based file repositories

* Prevents on-site staff who are accessing sensitive customer Pll documents on file repositories from accidentally or deliberately sharing sensitive documents on personal Saa$S solutions

* Uses document attributes to reduce false positives

* Is agentless and not installed on staff desktops or laptops

Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).

A.

DLP

B.

NGFW

C.

UTM

D.

UEBA

E.

CASB

F.

HIPS

Full Access
Question # 53

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Full Access
Question # 54

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

A.

Certificate chain

B.

Root CA

C.

Certificate pinning

D.

CRL

E.

OCSP

Full Access
Question # 55

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

A.

EDE

B.

CBC

C.

GCM

D.

AES

E.

RSA

F.

RC4

G.

ECDSA

Full Access
Question # 56

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

A.

Execute never

B.

Noexecute

C.

Total memory encryption

D.

Virtual memory protection

Full Access
Question # 57

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

A.

An additional layer of encryption

B.

A third-party data integrity monitoring solution

C.

A complete backup that is created before moving the data

D.

Additional application firewall rules specific to the migration

Full Access
Question # 58

Which of the following is a risk associated with SDN?

A.

Expanded attack surface

B.

Increased hardware management costs

C.

Reduced visibility of scaling capabilities

D.

New firmware vulnerabilities

Full Access
Question # 59

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

A.

Virtualized emulators

B.

Type 2 hypervisors

C.

Orchestration

D.

Containerization

Full Access
Question # 60

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Full Access
Question # 61

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Full Access
Question # 62

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

A.

Paas

B.

laas

C.

Private

D.

Saas

Full Access
Question # 63

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

A.

ocsp

B.

CRL

C.

SAN

D.

CA

Full Access
Question # 64

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

A.

The NTP server is set incorrectly for the developers

B.

The CA has included the certificate in its CRL.

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate

Full Access
Question # 65

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

A.

Performing routine tabletop exercises

B.

Implementing scheduled, full interruption tests

C.

Backing up system log reviews

D.

Performing department disaster recovery walk-throughs

Full Access
Question # 66

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Full Access
Question # 67

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

A.

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.

Enable watermarking, enable the user authentication requirement, and disable video recording.

Full Access
Question # 68

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Full Access
Question # 69

Which of the following indicates when a company might not be viable after a disaster?

A.

Maximum tolerable downtime

B.

Recovery time objective

C.

Mean time to recovery

D.

Annual loss expectancy

Full Access
Question # 70

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

A.

Order of volatility

B.

Chain of custody

C.

Verification

D.

Secure storage

Full Access
Question # 71

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

A.

Input validation

B.

Firewall

C.

WAF

D.

DLP

Full Access
Question # 72

A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:

On which of the following devices and processes did the ransomware originate?

A.

cpt-ws018, powershell.exe

B.

cpt-ws026, DearCry.exe

C.

cpt-ws002, NO-AV.exe

D.

cpt-ws026, NO-AV.exe

E.

cpt-ws002, DearCry.exe

Full Access
Question # 73

A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

A.

Collect proof that the exploit works in order to expedite the process.

B.

Publish proof-of-concept exploit code on a personal blog.

C.

Recommend legal consultation about the process.

D.

Visit a bug bounty website for the latest information.

Full Access
Question # 74

An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

A.

Use over-the-air updates to replace the private key

B.

Manufacture a new loT device with a redesigned SoC

C.

Replace the public portion of the loT key on its servers

D.

Release a patch for the SoC software

Full Access
Question # 75

A network administrator who manages a Linux web server notices the following traffic:

http://corr.ptia.org/.../.../.../... /etc./shadow

Which of the following Is the BEST action for the network administrator to take to defend against this type of web attack?

A.

Validate the server certificate and trust chain.

B.

Validate the server input and append the input to the base directory path.

C.

Validate that the server is not deployed with default account credentials.

D.

Validate that multifactor authentication is enabled on the server for all user accounts.

Full Access
Question # 76

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

A.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.

The operating costs of the MPLS network are too high for the organization.

C.

The SD-WAN provider uses a third party for support.

D.

Internal IT staff will not be able to properly support remote offices after the migration.

Full Access
Question # 77

During an adversarial simulation exercise, an external team was able to gain access to sensitive information and systems without the organization detecting this activity. Which of the following mitigation strategies should the organization use to best resolve the findings?

Full Access
Question # 78

A security engineer notices the company website allows users following example:

hitps://mycompany.com/main.php?Country=US

Which of the following vulnerabilities would MOST likely affect this site?

A.

SQL injection

B.

Remote file inclusion

C.

Directory traversal -

D.

Unsecure references

Full Access
Question # 79

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Full Access
Question # 80

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Full Access
Question # 81

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

A.

use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage

B.

use the customer-provided VDI solution to perform work on the customer's environment.

C.

Provide code snippets to the customer and have the customer run code and securely deliver its output

D.

Request API credentials from the customer and only use API calls to access the customer's environment.

Full Access
Question # 82

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

A.

Develop an Nmap plug-in to detect the indicator of compromise.

B.

Update the organization's group policy.

C.

Include the signature in the vulnerability scanning tool.

D.

Deliver an updated threat signature throughout the EDR system

Full Access
Question # 83

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Full Access
Question # 84

A technician accidentally deleted the secret key that was corresponding to the public key pinned to a busy online magazine. To remedy the situation, the technician obtained a new certificate with a different key. However, paying subscribers were locked out of the website until the key-pinning policy expired. Which of the following alternatives should the technician adopt to prevent a similar issue in the future?

A.

Registration authority

B.

Certificate revocation list

C.

Client authentication

D.

Certificate authority authorization

Full Access
Question # 85

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

A.

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

B.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

C.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

D.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Full Access
Question # 86

An organization develops a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only data center are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latencyfor all mobile users to improve the users' experience

SSL offloadingto improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement tobestensure all requirements are met?

A.

A cache server farm in its data center

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its data center

D.

Dual gigabit-speed internet connections with managed DDoS prevention

Full Access
Question # 87

A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?

A.

Salsa20 cipher

B.

TLS-based VPN

C.

PKI-based IKE IPSec negotiation

D.

Perfect forward secrecy

Full Access
Question # 88

A security engineer is reviewing event logs because an employee successfully connected a personal Windows laptop to the corporate network, which is against company policy. Company policy allows all Windows 10 and 11 laptops to connect to the system as long as the MDM agent installed by IT is running. Only compliant devices can connect, and the logic in the system to evaluate compliant laptops is as follows:

Which of the following most likely occurred when the employee connected a personally owned Windows laptop and was allowed on the network?

A.

The agent was not running on the laptop, which triggered a false positive.

B.

The OS was a valid version, but the MDM agent was not installed, triggering a true positive.

C.

The OS was running a Windows version below 10 and triggered a false negative.

D.

The OS version was higher than 11. and the MDM agent was running, triggering a true negative.

Full Access
Question # 89

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

A.

True positive

B.

False negative

C.

False positive

D.

True negative

Full Access
Question # 90

A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst usesddduring the investigation. Which of the following best explains why the analyst is using this tool?

A.

To capture an image of the hard drive

B.

To reverse engineer binary programs

C.

To recover deleted logs from the laptop

D.

To deduplicate unnecessary data from the hard drive

Full Access
Question # 91

Which of the following best explain why organizations prefer to utilize code that is digitally signed? (Select two).

A.

It provides origin assurance.

B.

It verifies integrity.

C.

It provides increased confidentiality.

D.

It integrates with DRMs.

E.

It verifies the recipient’s identity.

F.

It ensures the code is free of malware.

Full Access
Question # 92

Company A is merging with Company B Company A is a small, local company Company B has a large, global presence The two companies have a lot of duplication in their IT systems processes, and procedures On the new Chief Information Officer's (ClO's) first day a fire breaks out at Company B's mam data center Which of the following actions should the CIO take first?

A.

Determine whether the incident response plan has been tested at both companies, and use it to respond

B.

Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.

C.

Ensure hot. warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams

D.

Initiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA

Full Access
Question # 93

An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?

A.

Due care

B.

Due diligence

C.

Due process

D.

Due notice

Full Access
Question # 94

A penetration tester inputs the following command:

This command will allow the penetration tester to establish a:

A.

port mirror

B.

network pivot

C.

reverse shell

D.

proxy chain

Full Access
Question # 95

A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:

Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

A.

Line 06

B.

Line 10

C.

Line 13

D.

Line 17

Full Access
Question # 96

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

A.

IaaS

B.

SaaS

C.

Faas

D.

PaaS

Full Access
Question # 97

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Full Access
Question # 98

A security analyst runs a vulnerability scan on a network administrator's workstation The network administrator has direct administrative access to the company's SSO web portal The vulnerability scan uncovers cntical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client and an offline password manager Which of the following should the security analyst patch FIRST?

A.

Email client

B.

Password manager

C.

Browser

D.

OS

Full Access
Question # 99

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badgeto access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 100

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

Which of the following mobile configuration settings is the mobile administrator verifying?

A.

Service set identifier authentication

B.

Wireless network auto joining

C.

802.1X with mutual authentication

D.

Association MAC address randomization

Full Access
Question # 101

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Full Access
Question # 102

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Full Access
Question # 103

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Full Access
Question # 104

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for

the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which

of the following would BEST achieve this objective?

A.

Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

B.

Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.

C.

Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

D.

Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

Full Access
Question # 105

Which of the following technologies allows CSPs to add encryption across multiple data storages?

A.

Symmetric encryption

B.

Homomorphic encryption

C.

Data dispersion

D.

Bit splitting

Full Access
Question # 106

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Full Access
Question # 107

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

A.

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B.

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C.

The system administrator should evaluate dependencies and perform upgrade as necessary.

D.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

Full Access
Question # 108

Which of the following is required for an organization to meet the ISO 27018 standard?

A.

All Pll must be encrypted.

B.

All network traffic must be inspected.

C.

GDPR equivalent standards must be met

D.

COBIT equivalent standards must be met

Full Access
Question # 109

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Full Access
Question # 110

A security analyst is reviewing the following vulnerability assessment report:

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

A.

Server1

B.

Server2

C.

Server 3

D.

Servers

Full Access
Question # 111

An analyst reviews the following output collected during the execution of a web application security assessment:

Which of the following attacks would be most likely to succeed, given the output?

A.

NULL and unauthenticated cipher downgrade attack

B.

Availability attack from manipulation of associated authentication data

C.

Padding oracle attack

D.

On-path forced renegotiation to insecure ciphers

Full Access
Question # 112

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

Which of the following is the MOST likely cause of the customer’s inability to connect?

A.

Weak ciphers are being used.

B.

The public key should be using ECDSA.

C.

The default should be on port 80.

D.

The server name should be test.com.

Full Access
Question # 113

A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?

A.

Securely configure the authentication mechanisms

B.

Patch the infrastructure at the operating system

C.

Execute port scanning against the services

D.

Upgrade the service as part of life-cycle management

Full Access
Question # 114

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

A.

Rules of engagement

B.

Master service agreement

C.

Statement of work

D.

Target audience

Full Access
Question # 115

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 116

An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

A.

Feature delay due to extended software development cycles

B.

Financial liability from a vendor data breach

C.

Technical impact to the API configuration

D.

The possibility of the vendor’s business ceasing operations

Full Access
Question # 117

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl ');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

A.

Antivirus and UEBA

B.

Reverse proxy and sandbox

C.

EDR and application approved list

D.

Forward proxy and MFA

Full Access
Question # 118

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Full Access
Question # 119

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

A.

Biometric authenticators are immutable.

B.

The likelihood of account compromise is reduced.

C.

Zero trust is achieved.

D.

Privacy risks are minimized.

Full Access
Question # 120

A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

A.

Require more than one approver for all change management requests.

B.

Implement file integrity monitoring with automated alerts on the servers.

C.

Disable automatic patch update capabilities on the servers

D.

Enhanced audit logging on the jump servers and ship the logs to the SIEM.

Full Access
Question # 121

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relationsemployee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

A.

Implementing application blacklisting

B.

Configuring the mall to quarantine incoming attachment automatically

C.

Deploying host-based firewalls and shipping the logs to the SIEM

D.

Increasing the cadence for antivirus DAT updates to twice daily

Full Access
Question # 122

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to thehigh rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

A.

$50,000

B.

$125,000

C.

$250,000

D.

$500.000

E.

$51,000,000

Full Access
Question # 123

A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up. which of the following explains why the computer would not boot?

A.

The operating system was corrupted.

B.

SElinux was in enforced status.

C.

A secure boot violation occurred.

D.

The disk was encrypted.

Full Access
Question # 124

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

A.

Risk rejection

B.

Risk mitigation

C.

Risk transference

D.

Risk avoidance

Full Access
Question # 125

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

A.

The public cloud provider is applying QoS to the inbound customer traffic.

B.

The API gateway endpoints are being directly targeted.

C.

The site is experiencing a brute-force credential attack.

D.

A DDoS attack is targeted at the CDN.

Full Access
Question # 126

An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, anumber of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A.

Enable the x-Forwarded-For header al the load balancer.

B.

Install a software-based HIDS on the application servers.

C.

Install a certificate signed by a trusted CA.

D.

Use stored procedures on the database server.

E.

Store the value of the $_server ( ‘ REMOTE_ADDR ' ] received by the web servers.

Full Access
Question # 127

A review of the past year’s attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

Which of the following would be BEST for the company to implement?

A.

A WAF

B.

An IDS

C.

A SIEM

D.

A honeypot

Full Access
Question # 128

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

A.

Bot protection

B.

OAuth 2.0

C.

Input validation

D.

Autoscaling endpoints

E.

Rate limiting

F.

CSRF protection

Full Access
Question # 129

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A.

Increased network latency

B.

Unavailable of key escrow

C.

Inability to selected AES-256 encryption

D.

Removal of user authentication requirements

Full Access
Question # 130

A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

A.

Distribute the software via a third-party repository.

B.

Close the web repository and deliver the software via email.

C.

Email the software link to all customers.

D.

Display the SHA checksum on the website.

Full Access
Question # 131

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

A.

Lawyers

B.

Court

C.

Upper management team

D.

Police

Full Access
Question # 132

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

A.

EDR

B.

SIEM

C.

HIDS

D.

UEBA

Full Access
Question # 133

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run tobestdetermine whether financial data was lost?

A.

grep -v '^4[0-9]{12}(?:[0-9]{3})?$' file

B.

grep '^4[0-9]{12}(?:[0-9]{3})?$' file

C.

grep '^6(?:011|5[0-9]{2})[0-9]{12}?' file

D.

grep -v '^6(?:011|5[0-9]{2})[0-9]{12}?' file

Full Access
Question # 134

Company A acquired Company В. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security program.

Which of the following risk-handling techniques was used?

A.

Accept

B.

Avoid

C.

Transfer

D.

Mitigate

Full Access
Question # 135

Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

A.

Modify the ACLs.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Full Access
Question # 136

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

A.

Remote provider BCDR

B.

Cloud provider BCDR

C.

Alternative provider BCDR

D.

Primary provider BCDR

Full Access
Question # 137

An organization is designing a MAC scheme (or critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts. The engineer executes the command stat ./secretfile and receives the following output:

Which of the following describes the correct order of labels shown in the output above?

A.

Role, type MLS level, and user identity

B.

Role, user identity, object, and MLS level

C.

Object MLS level, role, and type

D.

User identity, role, type, and MLS level

E.

Object, user identity, role, and MLS level

Full Access
Question # 138

A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.

Which of the following BEST describes the type of malware the solution should protect against?

A.

Worm

B.

Logic bomb

C.

Fileless

D.

Rootkit

Full Access
Question # 139

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

A.

Mirror the blobs at a local data center.

B.

Enable fast recovery on the storage account.

C.

Implement soft delete for blobs.

D.

Make the blob immutable.

Full Access
Question # 140

A healthcare system recently suffered from a ransomware incident As a result the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits and had openRDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

A.

SD-WAN

B.

PAM

C.

Remote access VPN

D.

MFA

E.

Network segmentation

F.

BGP

G.

NAC

Full Access
Question # 141

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

A.

Assess the residual risk.

B.

Update the organization’s threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of impact.

Full Access
Question # 142

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Full Access
Question # 143

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

A.

A turbine would overheat and cause physical harm.

B.

The engineers would need to go to the historian.

C.

The SCADA equipment could not be maintained.

D.

Data would be exfiltrated through the data diodes.

Full Access
Question # 144

While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Select two).

A.

Configure firewall rules to block all external traffic.

B.

Enable input validation for all fields.

C.

Enable automatic updates to be installed on all servers.

D.

Configure the security group to enable external traffic.

E.

Set up a DLP policy to alert for exfiltration on all application servers.

F.

Enable nightly vulnerability scans

Full Access
Question # 145

A DNS forward lookup zone named complia.org must:

• Ensure the DNS is protected from on-path attacks.

• Ensure zone transfers use mutual authentication and are authenticated and negotiated.

Which of the following should the security architect configure to meet these requirements? (Select two).

A.

Public keys

B.

Conditional forwarders

C.

Root hints

D.

DNSSEC

E.

CNAME records

F.

SRV records

Full Access
Question # 146

A security team is creating tickets to track the progress of remediation. Which of the following is used to specify the due dates for high- and critical-priority findings?

A.

MSA

B.

SLA

C.

ISA

D.

MOU

Full Access
Question # 147

A security analyst is evaluating all third-party software an organization uses. The analyst discovers that each department is violating the organization's policy by provisioning access to SaaS products without oversight from the security group and without using a centralized access control methodology. Which of the following should the organization use to enforce its SaaS product access requirements?

A.

SLDAP

B.

SAML

C.

VDI

D.

TACACS

Full Access
Question # 148

A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data’s confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Select two).

A.

Install a SOAR on all endpoints.

B.

Hash all files.

C.

Install SIEM within a SOC.

D.

Encrypt all data and files at rest, in transit, and in use.

E.

Configure SOAR to monitor and intercept files and data leaving the network.

F.

Implement file integrity monitoring.

Full Access
Question # 149

A company with only U S -based customers wants to allow developers from another country to work on the company's website However, the company plans to block normal internet traffic from the other country Which of the following strategies should the company use to accomplish this objective? (Select two).

A.

Block foreign IP addresses from accessing the website

B.

Have the developers use the company's VPN

C.

Implement a WAP for the website

D.

Give the developers access to a jump box on the network

E.

Employ a reverse proxy for the developers

F.

Use NAT to enable access for the developers

Full Access
Question # 150

A security engineer would like to control configurations on mobile devices while fulfilling the following requirements:

• Support and control Apple and Android devices.

• The device must be corporate-owned.

Which of the following would enable the engineer to meet these requirements? (Select two).

A.

Create a group policy to lock down mobile devices.

B.

Update verbiage in the acceptable use policy for the internet.

C.

Implement an MDM solution.

D.

Implement a captive portal solution.

E.

Update policy to prohibit the use of BYOD devices.

F.

Implement a RADIUS solution.

Full Access
Question # 151

A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?

A.

RA

B.

OCSP

C.

CA

D.

IdP

Full Access
Question # 152

A new VM server (Web Server C) was spun up in the cloud and added to the load balancer to an existing web application (Application A) that does not require internet access. Sales users arereporting intermittent issues with this application when processing orders that require access to the warehouse department.

Given the following information:

Firewall rules: Existing rules do not account for Web Server C’s IP address (10.2.0.92).

Application A Security Group: Inbound rules and outbound rules are insufficient for the new server.

The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible. Which of the following actions must be taken to resolve the issue and meet the security team's requirements?

A.

Reconfigure Web Server C to 10.2.0.62

B.

Modify the firewall rules to include the new IP address of Web Server C

C.

Alter the security group outbound rules to be more restrictive

D.

Change the security group inbound rules to include the new IP address of Web Server C

Full Access
Question # 153

Several unlabeled documents in a cloud document repository contain cardholder information. Which of the following configuration changes should be made to the DLP system to correctly label these documents in the future?

A.

Digital rights management

B.

Network traffic decryption

C.

Regular expressions

D.

Watermarking

Full Access
Question # 154

An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?

A.

Supply chain attack

B.

Cipher substitution attack

C.

Side-channel analysis

D.

On-path attack

E.

Pass-the-hash attack

Full Access
Question # 155

A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?

A.

Utilizing hardening recommendations

B.

Deploying IPS/IDS throughout the environment

C.

Installing and updating antivirus

D.

Installing all available patches

Full Access
Question # 156

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks Which of the following is the MOST important infrastructure security design element to prevent an outage7

A.

Supporting heterogeneous architecture

B.

Leveraging content delivery network across multiple regions

C.

Ensuring cloud autoscaling is in place

D.

Scaling horizontally to handle increases in traffic

Full Access
Question # 157

Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

A.

At the individual product level

B.

Through the selection of a random product

C.

Using a third-party audit report

D.

By choosing a major product

Full Access
Question # 158

A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

A.

SIEM

B.

CASB

C.

SCAP

D.

OVAL

Full Access
Question # 159

A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the best step to take?

A.

Revoke the certificate.

B.

Inform all the users of the certificate.

C.

Contact the company's Chief Information Security Officer.

D.

Disable the website using the suspected certificate.

E.

Alert the root CA.

Full Access
Question # 160

During a forensics investigation, a security professional needs to identify ISO images in a computer system where the ISO extension has been purposely removed or replaced with another extension. Which of the following tools will accomplish this task?

A.

file

B.

Isof

C.

ldd

D.

OllyDbg

Full Access
Question # 161

An organization performed a risk assessment and discovered that less than 50% of its employees have been completing security awareness training. Which of the following should the ChiefInformation Security Officer highlight as an area of Increased vulnerability in a report to the management team?

A.

Social engineering

B.

Third-party compromise

C.

APT targeting

D.

Pivoting

Full Access
Question # 162

A company has data it would like to aggregate from its PLCs for data visualization and predictive maintenance purposes. Which of the following is the most likely destination for the tag data from the PLCs?

A.

External drive

B.

Cloud storage

C.

System aggregator

D.

Local historian

Full Access
Question # 163

Which of the following best describes a risk associated with using facial recognition to locally authenticate to a mobile device?

A.

Data remanence

B.

Deepfake

C.

Metadata scraping

D.

Biometric impersonation

Full Access
Question # 164

Which of the following is the best way to protect the website browsing history for an executive who travels to foreign countries where internet usage is closely monitored?

A.

DoH

B.

EAP-TLS

C.

Geofencing

D.

Private browsing mode

Full Access
Question # 165

A company wants to reduce its backup storage requirement and is undertaking a data cleanup project. Which of the following should a security administrator consider first when determining which data should be deleted?

A.

Retention schedules

B.

Classification levels

C.

Sanitization requirements

D.

Data labels

E.

File size

Full Access
Question # 166

A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the business. Which of the following must be in place to meet this requirement?

A.

RPO

B.

RTO

C.

SLA

D.

DRP

E.

BCP

Full Access
Question # 167

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

A.

Software composition analysis

B.

A SCAP scanner

C.

ASAST

D.

A DAST

Full Access
Question # 168

A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?

A.

Simulating a spam campaign

B.

Conducting a sanctioned vishing attack

C.

Performing a risk assessment

D.

Executing a penetration test

Full Access
Question # 169

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be

compliant, the customer:

A.

must also be PCI compliant, because the risk is transferred to the provider.

B.

still needs to perform its own PCI assessment of the provider's managed serverless service.

C.

needs to perform a penetration test of the cloud provider's environment.

D.

must ensure in-scope systems for the new offering are also PCI compliant.

Full Access
Question # 170

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Full Access
Question # 171

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

A.

Execute never

B.

No-execute

C.

Total memory encryption

D.

Virtual memory encryption

Full Access
Question # 172

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Full Access
Question # 173

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

A.

Require a VPN to be active to access company data.

B.

Set up different profiles based on the person’s risk.

C.

Remotely wipe the device.

D.

Require MFA to access company applications.

Full Access
Question # 174

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Full Access
Question # 175

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

A.

TPM

B.

HSM

C.

PKI

D.

UEFI/BIOS

Full Access
Question # 176

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

A.

Implement a VPN for all APIs.

B.

Sign the key with DSA.

C.

Deploy MFA for the service accounts.

D.

Utilize HMAC for the keys.

Full Access
Question # 177

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

A.

The client application is testing PFS.

B.

The client application is configured to use ECDHE.

C.

The client application is configured to use RC4.

D.

The client application is configured to use AES-256 in GCM.

Full Access
Question # 178

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

A.

NIDS

B.

NIPS

C.

WAF

D.

Reverse proxy

Full Access
Question # 179

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Full Access
Question # 180

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

A.

Pay the ransom within 48 hours.

B.

Isolate the servers to prevent the spread.

C.

Notify law enforcement.

D.

Request that the affected servers be restored immediately.

Full Access
Question # 181

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Full Access
Question # 182

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

A.

Performing deep-packet inspection of all digital audio files

B.

Adding identifying filesystem metadata to the digital audio files

C.

Implementing steganography

D.

Purchasing and installing a DRM suite

Full Access
Question # 183

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 184

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

A.

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.

Implement MFA, review the application logs, and deploy a WAF.

D.

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Full Access