An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
B: What is WAF
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
D: What is Phishing
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
A: What is SSO
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege
D: What is Least privilege
A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
A: What is Jump server
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
A. Application
B. IPS/IDS
C. Network
D. Endpoint
D: What is Endpoint
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
C and E: What is Impersonation and Smishing
An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
A: What is Multifactor authentication
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
A. Accept
B. Transfer
C. Mitigate
D. Avoid
B: What is Transfer
Which of the following is required for an organization to properly manage its restore process in the event of system failure?
A. IRP
B. DRP
C. RPO
D. SDLC
B: What is DRP
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?
A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32
B: What is access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
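Why only option B works becomes obvious when the four rules are evaluated against traffic. The following is an added example, not part of the original question set: a minimal first-match ACL evaluator that parses the question's own rule lines. The parsing and matching logic is an assumption for illustration, not any vendor's implementation, and the internal and client addresses used are constructed.

```python
"""Added example (not from the original question set): a minimal first-match
ACL evaluator that shows why only the rule in option B blocks the attacker.

The rule syntax follows the question's own "access-list inbound deny ip
source A/B destination C/D" lines; the parsing and matching here is an
assumption for illustration, not a particular vendor's implementation.
"""
import ipaddress

# The four candidate rules, copied verbatim from the question.
OPTIONS = {
    "A": "access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32",
    "B": "access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0",
    "C": "access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0",
    "D": "access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32",
}


def parse_rule(text):
    """Turn one access-list line into (action, source_net, dest_net)."""
    tokens = text.split()
    # tokens: access-list inbound <action> ip source <src> destination <dst>
    action = tokens[2]
    src = ipaddress.ip_network(tokens[5], strict=False)
    dst = ipaddress.ip_network(tokens[7], strict=False)
    return action, src, dst


def evaluate(rules, src_ip, dst_ip, default="permit"):
    """First-match evaluation: return the action of the first rule whose
    source and destination networks both contain the packet's addresses.
    If nothing matches, fall through to the default (assumed permit here
    so the effect of each single rule stands out on its own)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return default


def blocks_attacker(option):
    """True if the option, on its own, denies inbound traffic from 10.1.4.9
    to an internal host while leaving an unrelated inbound client alone."""
    rules = [parse_rule(OPTIONS[option])]
    # Internal host and legitimate client addresses are constructed.
    attacker = evaluate(rules, "10.1.4.9", "192.0.2.10")
    legit = evaluate(rules, "203.0.113.7", "192.0.2.10")
    return attacker == "deny" and legit == "permit"


if __name__ == "__main__":
    for opt in OPTIONS:
        print(opt, "blocks attacker only:", blocks_attacker(opt))
```

Option A has the addresses the wrong way round: it would deny traffic sent to 10.1.4.9, not from it, so on an inbound rule set the attacker's packets never match it.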
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
C: What is A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor
B: What is Jump server
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis
C: What is Risk register
A company is expanding its threat surface program and allowing individuals to security-test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing
B: What is Bug bounty
A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.
D: What is A rootkit was deployed
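The alert in the question comes from comparing a file's current hash with a recorded baseline. The following is an added example, not code from the original question set or from any particular FIM product: it baselines SHA-256 hashes, rescans, and applies the question's reasoning (a changed system binary with no patch activity is treated as likely tampering). The monitored file and its contents are constructed in a temporary directory. Note that this version hashes file contents only, so a permissions change alone (option A) would not change the hash; commercial FIM tools usually track metadata as well.

```python
"""Added example (not from the original question set): a minimal file
integrity check of the kind that raised the alert in the question.
A baseline of SHA-256 hashes is recorded, and a later scan reports every
file whose hash differs. File paths and contents are constructed."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record the known-good hash of each monitored file."""
    return {p: sha256_of(p) for p in paths}


def scan(baseline):
    """Return the files whose current hash no longer matches the baseline.
    A missing file is reported too, since deletion is also a change.
    Only contents are hashed, so a permissions-only change is not seen."""
    changed = []
    for path, known in baseline.items():
        current = sha256_of(path) if os.path.exists(path) else None
        if current != known:
            changed.append(path)
    return changed


def triage(changed, patches_applied):
    """The reasoning from the question: a changed system binary with no
    patch activity in the window is treated as likely tampering."""
    if changed and not patches_applied:
        return "possible tampering: investigate for a rootkit"
    if changed:
        return "change coincides with patching: verify against vendor hashes"
    return "no change"


def demo():
    """Constructed scenario: a stand-in cmd.exe is baselined, then modified
    in place while no patch is recorded. Returns the triage verdict."""
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "cmd.exe")
        with open(binary, "wb") as f:
            f.write(b"original executable bytes")  # constructed content
        baseline = build_baseline([binary])
        with open(binary, "wb") as f:
            f.write(b"original executable bytes + injected code")  # constructed tamper
        changed = scan(baseline)
        return triage(changed, patches_applied=False)


if __name__ == "__main__":
    print(demo())
```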
A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?
A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force
A: What is Password spraying
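The log excerpt the question refers to is not reproduced on this page, so the following added example (not from the original question set) constructs its own authentication log lines to show the pattern the answer turns on: one source trying a single password against many accounts (spraying) stays under any per-account lockout threshold, whereas brute force hammers one account. The log format, thresholds and addresses are assumptions.

```python
"""Added example, not from the original question set. The log lines are
constructed; their format is an assumption. Shows how a SIEM rule can tell
password spraying (many accounts, few failures each, one source) from
brute force (one account, many failures), and which accounts to reset."""
from collections import defaultdict

CONSTRUCTED_LOGS = """\
2024-05-01T09:00:01 src=198.51.100.4 user=alice result=FAIL
2024-05-01T09:00:03 src=198.51.100.4 user=bob result=FAIL
2024-05-01T09:00:05 src=198.51.100.4 user=carol result=FAIL
2024-05-01T09:00:07 src=198.51.100.4 user=dave result=FAIL
2024-05-01T09:00:09 src=198.51.100.4 user=erin result=FAIL
2024-05-01T09:00:11 src=198.51.100.4 user=frank result=SUCCESS
2024-05-01T09:10:00 src=203.0.113.9 user=admin result=FAIL
2024-05-01T09:10:01 src=203.0.113.9 user=admin result=FAIL
2024-05-01T09:10:02 src=203.0.113.9 user=admin result=FAIL
2024-05-01T09:10:03 src=203.0.113.9 user=admin result=FAIL
2024-05-01T09:10:04 src=203.0.113.9 user=admin result=FAIL
2024-05-01T09:10:05 src=203.0.113.9 user=admin result=FAIL
2024-05-01T09:30:00 src=192.0.2.77 user=grace result=FAIL
2024-05-01T09:30:20 src=192.0.2.77 user=grace result=SUCCESS
"""


def parse(lines):
    """Split each "ts key=value key=value ..." line into a dict."""
    events = []
    for line in lines.splitlines():
        tokens = line.split()
        fields = dict(tok.split("=", 1) for tok in tokens[1:])
        fields["ts"] = tokens[0]
        events.append(fields)
    return events


def classify(events, min_accounts=5, min_attempts=5):
    """Per source IP: at least min_accounts distinct accounts, each failing
    fewer than min_attempts times, is spraying; min_attempts or more failures
    against a single account is brute force; anything else is benign."""
    fails = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["result"] == "FAIL":
            fails[e["src"]][e["user"]] += 1
    verdicts = {}
    for src, per_user in fails.items():
        accounts = len(per_user)
        max_per_account = max(per_user.values())
        if accounts >= min_accounts and max_per_account < min_attempts:
            verdicts[src] = "password spraying"
        elif max_per_account >= min_attempts:
            verdicts[src] = "brute force"
        else:
            verdicts[src] = "benign"
    return verdicts


def compromised_accounts(events, verdicts):
    """Accounts with a SUCCESS from a source already flagged as an attacker;
    these are the ones whose credentials need resetting."""
    flagged = {"password spraying", "brute force"}
    return sorted({e["user"] for e in events
                   if e["result"] == "SUCCESS" and verdicts.get(e["src"]) in flagged})


if __name__ == "__main__":
    events = parse(CONSTRUCTED_LOGS)
    verdicts = classify(events)
    print(verdicts)
    print("reset:", compromised_accounts(events, verdicts))
```

A single user who fails once and then succeeds (grace, above) stays benign; that is the case a naive "any failure" rule would wrongly page on.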
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
C: What is Geolocation policy
Which of the following must be considered when designing a high-availability network? (Choose two.)
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
A and D: What is Ease of recovery and Responsiveness
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
A. Air gap the system.
B. Move the system to a different network segment.
C. Create a change control request.
D. Apply the patch to the system.
C: What is Create a change control request.
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?
A. Secure cookies
B. Version control
C. Input validation
D. Code signing
C: What is Input validation
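What "input validation" means for the vulnerable form field, as an added example (not code from the original question set): an allow-list check on the field rejects the classic script payload before it is stored, and HTML-escaping at output is kept as a second layer so a later loosening of the allow-list cannot reintroduce the bug. The field name, allowed pattern and HTML template are assumptions.

```python
"""Added example (not from the original question set). Input validation
for a web form field, plus output encoding as defence in depth. The field,
its allow-list and the template are assumptions for illustration."""
import html
import re

# Allow-list for an assumed "display name" field: letters, digits, spaces
# and a few punctuation marks, 1 to 40 characters. Everything else is rejected.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 .,'-]{1,40}$")


def validate_display_name(value):
    """Return the value if it matches the allow-list, else raise ValueError.
    Rejecting unexpected characters stops <script> payloads at the door."""
    if not DISPLAY_NAME_RE.fullmatch(value):
        raise ValueError("display name contains disallowed characters")
    return value


def is_rejected(value):
    """Convenience wrapper: True if validation refuses the value."""
    try:
        validate_display_name(value)
    except ValueError:
        return True
    return False


def render_unsafe(name):
    """The vulnerable pattern from the finding: untrusted input concatenated
    straight into HTML, so a payload is interpreted as markup."""
    return "<p>Welcome, " + name + "</p>"


def render_safe(name):
    """Output encoding: the browser sees escaped text, never markup. Keep
    this even for validated data; validation rules change over time."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


PAYLOAD = "<script>alert(1)</script>"  # constructed test payload

if __name__ == "__main__":
    print("rejected:", is_rejected(PAYLOAD))
    print("unsafe:", render_unsafe(PAYLOAD))
    print("safe:  ", render_safe(PAYLOAD))
```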
Which of the following enables the use of an input field to run commands that can view or manipulate data?
A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection
D: What is SQL injection
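How an input field ends up running commands against the data, as an added example (not from the original question set): the same login check written with string concatenation and with a parameterised query, run against a constructed in-memory SQLite table. The table, rows and payload are constructed; passwords are stored in clear only to keep the example short.

```python
"""Added example (not from the original question set): a login query built
two ways, showing why concatenated input lets a form field rewrite the
statement and why bound parameters do not. Data is constructed in SQLite."""
import sqlite3


def make_db():
    """Constructed table; passwords are in clear only to keep this short
    (a real system compares a salted hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hunter2", "user"),
        ("admin", "s3cret", "admin"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: the field's contents become part of the SQL
    text, so a crafted value changes the WHERE clause itself."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: values travel separately from the statement and
    are only ever compared as data, never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed payload typed into the password field. Concatenated, the
# clause becomes: ... AND password = '' OR '1'='1'  which is true for every row.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "nobody", INJECTION))
    print("safe:      ", login_safe(db, "nobody", INJECTION))
```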
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction
B: What is Subject role
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
A. Capacity planning
B. Redundancy
C. Geographic dispersion
D. Tabletop exercise
A: What is Capacity planning
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy
B: What is Testing the policy in a non-production environment before enabling the policy in the production network