Title of test: 60-3
Description: Cohort Five 3



A government worker secretly copies classified files that contain defense tactics information to an external drive. The government worker then gives the external drive to a corrupt organization. Which of the following best describes the motivation of the worker?
A. Espionage.
B. Data exfiltration.
C. Financial gain.
D. Blackmail.

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?
A. Port security.
B. Web application firewall.
C. Transport layer security.
D. Virtual private network.

Which of the following would be the most appropriate way to protect data in transit?
A. SHA-256.
B. SSL 3.0.
C. TLS 1.3.
D. AES-256.

A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?
A. Apply IP address reputation data.
B. Tap and monitor the email feed.
C. Scan email traffic inline.
D. Check SPF records.

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?
A. Tabletop exercise.
B. Penetration test.
C. Geographic dispersion.
D. Incident response.

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator's role?
A. Processor.
B. Custodian.
C. Privacy officer.
D. Owner.

Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive's name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?
A. Console access.
B. Routing protocols.
C. VLANs.
D. Web-based administration.

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?
A. Insider threat detection.
B. Simulated threats.
C. Phishing awareness.
D. Business continuity planning.

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?
A. Hire a vendor to perform a penetration test.
B. Perform an annual self-assessment.
C. Allow each client the right to audit.
D. Provide a third-party attestation report.

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?
A. Wireless access point.
B. Switch.
C. Firewall.
D. NAC.

Which of the following security measures is required when using a cloud-based platform for IoT management?
A. Encrypted connection.
B. Federated identity.
C. Firewall.
D. Single sign-on.

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).
A. Disable default accounts.
B. Add the server to the asset inventory.
C. Remove unnecessary services.
D. Document default passwords.
E. Send server logs to the SIEM.
F. Join the server to the corporate domain.

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated: “I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to the following email address.” Which of the following are the best responses to this situation? (Choose two).
A. Cancel current employee recognition gift cards.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
D. Have the CEO change phone numbers.
E. Conduct a forensic investigation on the CEO's phone.
F. Implement mobile device management.

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
A. Hardening.
B. Employee monitoring.
C. Configuration enforcement.
D. Least privilege.

Which of the following receives logs from various devices and services, and then presents alerts?
A. SIEM.
B. SCADA.
C. SNMP.
D. SCAP.

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?
A. SOAR.
B. CVSS.
C. SIEM.
D. CVE.

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?
A. Creating group policies to enforce password rotation on domain administrator credentials.
B. Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords.
C. Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access.
D. Securing domain administrator credentials in a PAM vault and controlling access with role-based access control.

An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?
A. Pretexting.
B. Impersonation.
C. Ransomware.
D. Invoice scam.

A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?
A. Encryption.
B. Classification.
C. Certification.
D. Procurement.

An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?
A. Government.
B. Public.
C. Proprietary.
D. Critical.

Which of the following technologies can achieve microsegmentation?
A. Next-generation firewalls.
B. Software-defined networking.
C. Embedded systems.
D. Air-gapped.

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?
A. VPN.
B. LDAP.
C. FTP.
D. RADIUS.

Which of the following provides the details about the terms of a test with a third-party penetration tester?
A. Rules of engagement.
B. Supply chain analysis.
C. Right to audit clause.
D. Due diligence.

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?
A. Scalability.
B. Availability.
C. Cost.
D. Ease of deployment.

A company wants to ensure secure remote access to its internal network. The company has only one public IP and would like to avoid making any changes to the current network setup. Which of the following solutions would best accomplish this goal?
A. PAT.
B. IPSec VPN.
C. Perimeter network.
D. Reverse proxy.

An administrator is investigating an incident and discovers several users’ computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks is most likely the cause of the malware?
A. Malicious flash drive.
B. Remote access Trojan.
C. Brute-forced password.
D. Cryptojacking.

A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
A. Internal audit.
B. Penetration testing.
C. Attestation.
D. Due diligence.

Which of the following allows a systems administrator to tune permissions for a file?
A. Patching.
B. Access control list.
C. Configuration enforcement.
D. Least privilege.

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?
A. Asset inventory.
B. Network enumeration.
C. Data certification.
D. Procurement process.

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
A. Off-the-shelf software.
B. Orchestration.
C. Baseline.
D. Policy enforcement.

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?
A. Security of cloud providers.
B. Cost of implementation.
C. Ability of engineers.
D. Security of architecture.

A systems administrator receives an alert that a company's internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server: Which of the following indicators most likely triggered this alert?
A. Concurrent session usage.
B. Network saturation.
C. Account lockout.
D. Resource consumption.

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?
A. Network.
B. System.
C. Application.
D. Authentication.

Which of the following is the best reason to perform a tabletop exercise?
A. To address audit findings.
B. To collect remediation response times.
C. To update the IRP.
D. To calculate the ROI.

Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?
A. The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.
B. Generally, SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds.
C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.
D. The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
A. Hacktivists.
B. Script kiddies.
C. Competitors.
D. Shadow IT.

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A. Enumeration.
B. Sanitization.
C. Destruction.
D. Inventory.

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
A. A worm is propagating across the network.
B. Data is being exfiltrated.
C. A logic bomb is deleting data.
D. Ransomware is encrypting files.

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?
A. Red.
B. Blue.
C. Purple.
D. Yellow.

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?
A. PaaS.
B. Hybrid cloud.
C. Private cloud.
D. IaaS.
E. SaaS.

A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?
A. The user jsmith's account has been locked out.
B. A keylogger is installed on jsmith's workstation.
C. An attacker is attempting to brute force jsmith's account.
D. Ransomware has been deployed in the domain.

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).
A. Easier debugging of the system.
B. Reduced cost of ownership of the system.
C. Improved scalability of the system.
D. Increased compartmentalization of the system.
E. Stronger authentication of the system.
F. Reduced complexity of the system.

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).
A. Private.
B. Confidential.
C. Public.
D. Operational.
E. Urgent.
F. Restricted.

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?
A. SPF.
B. GPO.
C. NAC.
D. FIM.

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?
A. chmod.
B. grep.
C. dd.
D. passwd.

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?
A. Business continuity.
B. Physical security.
C. Change management.
D. Disaster recovery.

Which of the following is the best reason to complete an audit in a banking environment?
A. Regulatory requirement.
B. Organizational change.
C. Self-assessment requirement.
D. Service-level requirement.

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?
A. Upgrading to a next-generation firewall.
B. Deploying an appropriate in-line CASB solution.
C. Conducting user training on software policies.
D. Configuring double key encryption in SaaS platforms.

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor's website?
A. To test the integrity of the file.
B. To validate the authenticity of the file.
C. To activate the license for the file.
D. To calculate the checksum of the file.

A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?
A. Phishing campaign.
B. Data exfiltration.
C. Pretext calling.
D. Business email compromise.

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?
A. Compensating.
B. Detective.
C. Preventive.
D. Corrective.

An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?
A. Layer 4 firewall.
B. NGFW.
C. WAF.
D. UTM.

Which of the following phases of the incident response process attempts to minimize disruption?
A. Recovery.
B. Containment.
C. Preparation.
D. Analysis.

Which of the following is the act of proving to a customer that software developers are trained on secure coding?
A. Assurance.
B. Contract.
C. Due diligence.
D. Attestation.

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?
A. Recovery site.
B. Cold site.
C. Hot site.
D. Warm site.

Which of the following is the best way to securely store an encryption key for a data set in a manner that allows multiple entities to access the key when needed?
A. Public key infrastructure.
B. Open public ledger.
C. Public key encryption.
D. Key escrow.

Which of the following is the best way to remove personal data from a social media account that is no longer being used?
A. Exercise the right to be forgotten.
B. Uninstall the social media application.
C. Perform a factory reset.
D. Terminate the social media account.

Which of the following organizational documents is most often used to establish and communicate expectations associated with integrity and ethical behavior within an organization?
A. AUP.
B. SLA.
C. EULA.
D. MOA.

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?
A. MSA.
B. NDA.
C. MOU.
D. SLA.

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?
A. Penetration testing.
B. Phishing campaign.
C. External audit.
D. Insider threat.

Which of the following agreements defines response time, escalation, and performance metrics?
A. BPA.
B. MOA.
C. NDA.
D. SLA.

A security team purchases a tool for cloud security posture management. The team is quickly overwhelmed by the number of misconfigurations that the tool detects. Which of the following should the security team configure to establish workflows for cloud resource security?
A. CASB.
B. IAM.
C. SOAR.
D. XDR.

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?
A. Implementing encryption.
B. Monitoring outbound traffic.
C. Using default settings.
D. Closing all open ports.





