Domain 1: Security Concepts & Operations
Domain 2 – Threats, Vulnerabilities, and Mitigations
Domain 3 – Security Architecture
Domain 4 – Security Operations
Domain 5 – Governance, Risk, and Compliance
100

Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

A. To meet compliance standards

B. To increase delivery rates

C. To block phishing attacks

D. To ensure non-repudiation

What is to ensure non-repudiation

100

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A. Smishing

B. Disinformation

C. Impersonating

D. Whaling

What is Impersonating

100

Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

A. Proxy server

B. NGFW

C. VPN

D. Security zone

What is VPN

100

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

A. Continuity of operations

B. Capacity planning

C. Tabletop exercise

D. Parallel processing

What is Tabletop exercise

100

Which of the following agreement types defines the time frame in which a vendor needs to respond?

A. SOW

B. SLA

C. MOA

D. MOU

What is SLA

200

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

A. Version validation

B. Version changes

C. Version updates

D. Version control

What is Version control

200

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

A. SQLi

B. Cross-site scripting

C. Jailbreaking

D. Side loading

What is Jailbreaking

200

Which of the following is classified as high availability in a cloud environment?

A. Access broker

B. Cloud HSM

C. WAF

D. Load balancer

What is Load balancer

200

Which of the following is a feature of a next-generation SIEM system?

A. Virus signatures

B. Automated response actions

C. Security agent deployment

D. Vulnerability scanning

What is Automated response actions

200

The Chief Information Security Officer (CISO) has determined the company is noncompliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

A. Fines

B. Reputational damage

C. Sanctions

D. Contractual implications

What is fines

300

Which of the following security concepts is accomplished with the installation of a RADIUS server?

A. CIA

B. AAA

C. ACL

D. PEM

What is AAA

300

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

A. Unidentified removable devices

B. Default network device credentials

C. Spear phishing emails

D. Impersonation of business units through typosquatting

What is Unidentified removable devices

300

Which of the following security measures is required when using a cloud-based platform for IoT management?

A. Encrypted connection

B. Federated identity

C. Firewall

D. Single sign-on

What is Encrypted connection

300

Which of the following phases of an incident response involves generating reports?

A. Recovery

B. Preparation

C. Lessons learned

D. Containment

What is Lessons learned

300

A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?

A. The equipment MTBF is unknown.

B. The ISP has no SLA.

C. An RPO has not been determined.

D. There is a single point of failure.

What is There is a single point of failure.

400

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Choose two.)

A. Preventive

B. Deterrent

C. Corrective

D. Directive

E. Compensating

F. Detective

What is Deterrent and Detective

400

After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

A. False positive

B. False negative

C. True positive

D. True negative

What is False positive

400

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

A. Load balancer

B. Port security

C. IPS

D. NGFW

What is Port security

400

Which of the following examples would be best mitigated by input sanitization?

A. 

B. nmap - 10.11.1.130

C. Email message: "Click this link to get your free gift card."

D. Browser message: "Your connection is not private."

Correct answer is A

400

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following will be the best method to achieve this objective?

A. Third-party attestation

B. Penetration testing

C. Internal auditing

D. Vulnerability scans

What is Internal auditing

500

A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?

A. Hashing

B. Encryption

C. Baselines

D. Tokenization

What is Hashing

500

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

A. Memory injection

B. Race condition

C. Side loading

D. SQL injection

What is Memory injection

500

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

A. Microservices

B. Containerization

C. Virtualization

D. Infrastructure as code

What is Containerization

500

Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)

A. Increasing the minimum password length to 14 characters.

B. Upgrading the password hashing algorithm from MD5 to SHA-512.

C. Increasing the maximum password age to 120 days.

D. Reducing the minimum password length to ten characters.

E. Reducing the minimum password age to zero days.

F. Including a requirement for at least one special character.

What is Increasing the minimum password length to 14 characters. and Including a requirement for at least one special character.

A and F

500

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

A. Deploy multifactor authentication.

B. Decrease the level of the web filter settings.

C. Implement security awareness training.

D. Update the acceptable use policy.

What is Implement security awareness training.
