An attacker has overloaded an API call with excessive data, enabling the execution of unauthorized code. Which type of attack does this best describe?
❍ A. Buffer overflow
❍ B. Replay attack
❍ C. Session hijacking
❍ D. DDoS
What is: A. Buffer overflow
A company's outgoing email server currently uses SMTP with no encryption. The security administrator wants to implement email client encryption without changing the existing server-to-server communication. Which of the following would be the BEST way to implement this requirement?
❍ A. Implement Secure IMAP
❍ B. Require the use of S/MIME
❍ C. Install an SSL certificate on the email server
❍ D. Use a VPN tunnel between email clients
What is: B Require the use of S/MIME
A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?
❍ A. DAC
❍ B. MAC
❍ C. ABAC
❍ D. RBAC
What is: A. DAC
A network administrator has installed a new access point, but only a portion of the wireless devices are able to connect to the network. Other devices can see the access point, but they are not able to connect even when using the correct wireless settings. Which of the following security features was MOST likely enabled?
❍ A. MAC filtering
❍ B. SSID broadcast suppression
❍ C. 802.1X authentication
❍ D. Anti-spoofing
What is: A. MAC filtering
A user connects to a third-party website and receives this message:
Your connection is not private.
NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?
❍ A. Brute force
❍ B. DoS
❍ C. On-path
❍ D. Disassociation
What is: C. On-path
A security administrator has been asked to respond to a potential security breach of the company’s databases, and they need to gather the most volatile data before powering down the database servers. In which order should they collect this information?
❍ A. CPU registers, temporary files, memory, remote monitoring data
❍ B. Memory, CPU registers, remote monitoring data, temporary files
❍ C. Memory, CPU registers, temporary files, remote monitoring data
❍ D. CPU registers, memory, temporary files, remote monitoring data
What is: D. CPU registers, memory, temporary files, remote monitoring data
A security administrator, Elizabeth, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this data exfiltration method?
❍ A. Create an operating system security policy to prevent the use of removable media
❍ B. Monitor removable media usage in host-based firewall logs
❍ C. Only allow applications that do not use removable media
❍ D. Define a removable media block rule in the UTM
What is: A. Create an operating system security policy to prevent the use of removable media
A remote user has received a text message requesting login details to the corporate VPN server. Which of the following would BEST describe this message?
❍ A. Brute force
❍ B. Prepending
❍ C. Typosquatting
❍ D. Smishing
What is: D. Smishing
A manufacturing company has moved an inventory application from its internal systems to a PaaS service. Which of the following would be the BEST way to manage security policies on this new service?
❍ A. DLP
❍ B. SIEM
❍ C. IPS
❍ D. CASB
What is: D. CASB
A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?
❍ A. MTBF
❍ B. RTO
❍ C. MTTR
❍ D. MTTF
What is: A. MTBF (Mean Time Between Failures)
How can a company ensure that all data on a mobile device is unrecoverable if it is lost or stolen?
❍ A. Containerization
❍ B. Geofencing
❍ C. Screen locks
❍ D. Remote wipe
What is: D. Remote Wipe
A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?
❍ A. ISO 27701
❍ B. PKI
❍ C. IaaS
❍ D. SOAR
Which of the following is true of a rainbow table? (Select TWO)
❍ A. The rainbow table is built in real-time during the attack
❍ B. Rainbow tables are the most effective online attack type
❍ C. Rainbow tables require significant CPU cycles at attack time
❍ D. Different tables are required for different hashing methods
❍ E. A rainbow table won’t be useful if the passwords are salted
What is: D. Different tables are required for different hashing methods and E. A rainbow table won’t be useful if the passwords are salted
A security administrator needs to identify all computers on the company network infected with a specific malware variant. Which of the following would be the BEST way to identify these systems?
❍ A. Honeynet
❍ B. Data masking
❍ C. DNS sinkhole
❍ D. DLP
What is: C. DNS sinkhole
Which of the following would be commonly provided by a CASB? (Select TWO)
❍ A. List of all internal Windows devices that have not installed the latest security patches
❍ B. List of applications in use
❍ C. Centralized log storage facility
❍ D. List of network outages for the previous month
❍ E. Verification of encrypted data transfers
❍ F. VPN connectivity for remote users
What is: B. List of applications in use and E. Verification of encrypted data transfers
Rodney, a security engineer, is viewing this record from the firewall logs:
UTC 04/05/2018 03:09:15809 AV Gateway Alert
136.127.92.171 80 -> 10.16.10.14 60818
Gateway Anti-Virus Alert:
XPACK.A_7854 (Trojan) blocked.
Which of the following can be observed from this log information?
❍ A. The victim's IP address is 136.127.92.171
❍ B. A download was blocked from a web server
❍ C. A botnet DDoS attack was blocked
❍ D. The Trojan was blocked, but the file was not
What is: B. A download was blocked from a web server
A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?
❍ A. 2
❍ B. 3
❍ C. 4
❍ D. 1
What is: C. 4
Which of these cloud deployment models would share resources between a private virtualized data center and externally available cloud services?
❍ A. SaaS
❍ B. Community
❍ C. Hybrid
❍ D. Containerization
What is: C. Hybrid
Which of these threat actors would be MOST likely to attack systems for direct financial gain?
❍ A. Organized crime
❍ B. Hacktivist
❍ C. Nation-state
❍ D. Competitor
What is: A. Organized Crime
When a home user connects to the corporate VPN, they are no longer able to print to their local network printer. Once the user disconnects from the VPN, the printer works normally. Which of the following would be the MOST likely reason for this issue?
❍ A. The VPN uses IPSec instead of SSL
❍ B. Printer traffic is filtered by the VPN client
❍ C. The VPN is stateful
❍ D. The VPN tunnel is configured for full tunnel
What is: D. The VPN tunnel is configured for full tunnel
A web-based manufacturing company processes monthly charges to credit card information saved in the customer's profile. Which of the following standards would be required to maintain this payment information?
❍ A. GDPR
❍ B. ISO 27001
❍ C. PCI DSS
❍ D. CSA CCM
What is: C. PCI DSS
A network administrator would like each user to authenticate with their personal username and password when connecting to the company's wireless network. Which of the following should the network administrator configure on the wireless access points?
❍ A. WPA2-PSK
❍ B. 802.1X
❍ C. WPS
❍ D. WPA2-AES
What is: B. 802.1x
A data breach has occurred in a large insurance company. A security administrator is building new servers and security systems to get all of the financial systems back online. Which part of the incident response process would BEST describe these actions?
❍ A. Lessons learned
❍ B. Isolation and containment
❍ C. Reconstitution
❍ D. Precursors
What is: C. Reconstitution
Which of the following standards provides information on privacy and managing PII?
❍ A. ISO 31000
❍ B. ISO 27002
❍ C. ISO 27701
❍ D. ISO 27001
What is: C. ISO 27701
Which cryptographic method is used to add trust to a digital certificate?
❍ A. X.509
❍ B. Hash
❍ C. Symmetric encryption
❍ D. Digital signature
What is: D. Digital Signature