
60-2

Title of test:
60-2

Description:
Cohort Five 2-60

Creation Date: 2025/12/09

Category: Others

Number of questions: 62

Content:

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?. A. encryption=off\. B. http://. C. www.*.com. D. :443.

At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?. A. Active. B. Passive. C. Offensive. D. Defensive.

A security analyst is creating a base for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?. A. Change management procedure. B. Information security policy. C. Cybersecurity framework. D. Secure configuration guide.

A systems administrator needs to provide traveling employees with a tool that will protect company devices regardless of where they are working. Which of the following should the administrator implement?. A. Isolation. B. Segmentation. C. ACL. D. HIPS.

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?. A. Packet capture. B. Endpoint logs. C. OS security logs. D. Vulnerability scan.

A security administrator needs to reduce the attack surface in the company's data centers. Which of the following should the security administrator do to complete this task?. A. Implement a honeynet. B. Define Group Policy on the servers. C. Configure the servers for high availability. D. Upgrade end-of-support operating systems.

A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?. A. Isolation. B. Segmentation. C. Virtualization. D. Redundancy.

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?. A. To reduce implementation cost. B. To identify complexity. C. To remediate technical debt. D. To prevent a single point of failure.

Which of the following is a feature of a next-generation SIEM system?. A. Virus signatures. B. Automated response actions. C. Security agent deployment. D. Vulnerability scanning.

An MSSP manages firewalls for hundreds of clients. Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?. A. SNMP. B. Benchmarks. C. Netflow. D. SCAP.

Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?. A. Classified. B. Regulated information. C. Open source. D. Intellectual property.

Which of the following best explains a concern with OS-based vulnerabilities?. A. An exploit would give an attacker access to system functions that span multiple applications. B. The OS vendor's patch cycle is not frequent enough to mitigate the large number of threats. C. Most users trust the core operating system features and may not notice if the system has been compromised. D. Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Which of the following control types describes an alert from a SIEM tool?. A. Preventive. B. Corrective. C. Compensating. D. Detective.

In which of the following scenarios is tokenization the best privacy technique to use?. A. Providing pseudo-anonymization for social media user accounts. B. Serving as a second factor for authentication requests. C. Enabling established customers to safely store credit card information. D. Masking personal information inside databases by segmenting data.

Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences. Which of the following agreements does this best describe?. A. SLA. B. BPA. C. NDA. D. MOA.

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm management’s perspective that the application is no longer applicable?. A. Data inventory and retention. B. Right to be forgotten. C. Due care and due diligence. D. Acknowledgement and attestation.

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?. A. Shared deployment of CIS baselines. B. Joint cybersecurity best practices. C. Both companies following the same CSF. D. Assessment of controls in a vulnerability report.

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?. A. Deploy multifactor authentication. B. Decrease the level of the web filter settings. C. Implement security awareness training. D. Update the acceptable use policy.

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which lay dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?. A. IPS. B. IDS. C. WAF. D. UAT.

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?. A. ACL. B. DLP. C. IDS. D. IPS.

Which of the following describes the difference between encryption and hashing?. A. Encryption protects data in transit, while hashing protects data at rest. B. Encryption replaces cleartext with ciphertext, while hashing calculates a checksum. C. Encryption ensures data integrity, while hashing ensures data confidentiality. D. Encryption uses a public-key exchange, while hashing uses a private key.

While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?. A. Secure cookies. B. Input sanitization. C. Code signing. D. Blocklist.

Which of the following would most likely be used by attackers to perform credential harvesting?. A. Social engineering. B. Supply chain compromise. C. Third-party software. D. Rainbow table.

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?. A. Wiping. B. Recycling. C. Shredding. D. Deletion.

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?. A. SDN. B. Air gapped. C. Containerized. D. Highly available.

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?. A. UBA. B. EDR. C. NAC. D. DLP.

A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two). A. Data retention. B. Certification. C. Tokenization. D. Classification. E. Sanitization. F. Enumeration.

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?. A. DLP. B. SNMP traps. C. SCAP. D. IPS.

A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?. A. Version control. B. Obfuscation toolkit. C. Code reuse. D. Continuous integration. E. Stored procedures.

Which of the following architectures is most suitable to provide redundancy for critical business processes?. A. Network-enabled. B. Server-side. C. Cloud-native. D. Multitenant.

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?. A. Partition. B. Asymmetric. C. Full disk. D. Database.

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?. A. Client. B. Third-party vendor. C. Cloud provider. D. DBA.

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?. A. Risk mitigation. B. Risk identification. C. Risk treatment. D. Risk monitoring and review.

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?. A. Identify the attacker's entry methods. B. Report the breach to the local authorities. C. Notify the applicable parties of the breach. D. Implement vulnerability scanning of the company's systems.

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?. A. E-discovery. B. User provisioning. C. Firewall log export. D. Root cause analysis.

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?. A. Authentication. B. Secure cookies. C. Static code analysis. D. Input validation.

An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator performing?. A. Quantitative risk analysis. B. Disaster recovery test. C. Physical security controls review. D. Threat modeling.

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?. A. Visualization and isolation of resources. B. Network segmentation. C. Data encryption. D. Strong authentication policies.

Which of the following security controls are a company implementing by deploying HIPS? (Select two). A. Directive. B. Preventive. C. Physical. D. Corrective. E. Compensating. F. Detective.

After completing an annual external penetration test, a company receives the following guidance: ✑Decommission two unused web servers currently exposed to the internet. ✑Close 18 open and unused ports found on their existing production web servers. ✑Remove company email addresses and contact info from public domain registration records. Which of the following does this represent?. A. Attack surface reduction. B. Vulnerability assessment. C. Tabletop exercise. D. Business impact analysis.

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?. A. Obtain the file's SHA-256 hash. B. Use hexdump on the file's contents. C. Check endpoint logs. D. Query the file's metadata.

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers?. A. MAC filtering. B. Segmentation. C. Certification. D. Isolation.

A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?. A. Buffer overflow. B. SQL injection. C. Cross-site scripting. D. Zero day.

Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?. A. Firewall. B. IDS. C. Honeypot. D. Layer 3 switch.

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?. A. To track the status of patching installations. B. To find shadow IT cloud deployments. C. To continuously monitor the hardware inventory. D. To hunt for active attackers in the network.

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?. A. Capacity planning. B. Redundancy. C. Geographic dispersion. D. Tabletop exercise.

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?. A. IPS. B. Firewall. C. ACL. D. Windows security.

A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?. A. Secure web gateway. B. Virtual private cloud endpoint. C. Deep packet inspection. D. Next-generation firewall.

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?. A. Load balancer. B. Port security. C. IPS. D. NGFW.

The analyst wants to move data from production to the UAT server for testing the latest release. Which of the following strategies to protect data should the analyst use?. A. Data masking. B. Data tokenization. C. Data obfuscation. D. Data encryption.

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?. A. Review the IPS logs and determine which command-and-control IPs were blocked. B. Analyze application logs to see how the malware attempted to maintain persistence. C. Run vulnerability scans to check for systems and applications that are vulnerable to the malware. D. Obtain and execute the malware in a sandbox environment and perform packet captures.

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?. A. Insider threat. B. Social engineering. C. Watering-hole. D. Unauthorized attacker.

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?. A. Load balancing. B. Fault tolerance. C. Proxy servers. D. Replication.

A company's website is www.company.com. Attackers purchased the domain wwww.company.com. Which of the following types of attacks describes this example?. A. Typosquatting. B. Brand impersonation. C. On-path. D. Watering-hole.

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?. A. SOAR. B. API. C. SFTP. D. RDP.

Which of the following is a risk of conducting a vulnerability assessment?. A. A disruption of business operations. B. Unauthorized access to the system. C. Reports of false positives. D. Finding security gaps in the system.

A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?. A. Two-factor authentication. B. Firewall. C. Intrusion prevention system. D. User activity logs.

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?. A. Encryption at rest. B. Masking. C. Data classification. D. Permission restrictions.

A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them. Which of the following tools will help prevent this from reoccurring?. A. FIM. B. NAC. C. IDS. D. UBA.

An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server's password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?. A. Recognizing phishing. B. Providing situational awareness training. C. Using password management. D. Reviewing email policies.

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?. A. Lead a simulated failover. B. Conduct a tabletop exercise. C. Periodically test the generators. D. Develop requirements for database encryption.

A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?. A. Recovery site. B. Hot site. C. Cold site. D. Warm site.
