Last 60-1
Description: Cohort Five 1-60



Which of the following data types relates to data sovereignty?
A. Data classified as public in other countries.
B. Personally identifiable data while traveling.
C. Health data shared between doctors in other nations.
D. Data at rest outside of a country's borders.

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?
A. The company built a new file-sharing site.
B. The organization is preparing for a penetration test.
C. The security team is integrating with an SASE platform.
D. The security team created a honeynet.

Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?
A. Channel overlap.
B. Encryption type.
C. New WLAN deployment.
D. WAP placement.

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?
A. TPM (Trusted Platform Module).
B. CRL (Certificate Revocation List).
C. PKI (Public Key Infrastructure).
D. CSR (Certificate Signing Request).

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?
A. Conduct an audit.
B. Initiate a penetration test.
C. Rescan the network.
D. Submit a report.

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?
A. Reporting structure for the data privacy officer.
B. Request process for data subject access.
C. Role as controller or processor.
D. Physical location of the company.

Which of the following actions would reduce the number of false positives for an analyst to manually review?
A. Create playbooks as part of a SOAR platform.
B. Redefine the patch management process.
C. Replace an EDR tool with an XDR solution.
D. Disable AV heuristics scanning.

Which of the following is a benefit of vendor diversity?
A. Patch availability.
B. Zero-day resiliency.
C. Secure configuration guide applicability.
D. Load balancing.

A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
A. hping.
B. Wireshark.
C. PowerShell.
D. netstat.

A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?
A. It increases complexity.
B. It removes technical debt.
C. It adds additional guard rails.
D. It acts as a workforce multiplier.

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
A. Compensating control.
B. Network segmentation.
C. Transfer of risk.
D. SNMP traps.

Which of the following tasks is typically included in the BIA (Business Impact Analysis) process?
A. Estimating the recovery time of systems.
B. Identifying the communication strategy.
C. Evaluating the risk management plan.
D. Establishing the backup and recovery procedures.
E. Developing the incident response plan.

A service provider wants a cost-effective way to rapidly expand from providing internet links to managing them. Which of the following methods will allow the service provider to best scale its services while maintaining performance consistency?
A. Escalation support.
B. Increased workforce.
C. Baseline enforcement.
D. Technical debt.

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)
A. Tokenization.
B. Cryptographic downgrade.
C. SSH tunneling.
D. Segmentation.
E. Patch installation.
F. Data masking.

A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?
A. External.
B. Standard.
C. Regulation.
D. Internal.

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?
A. MOA.
B. SOW.
C. MOU.
D. SLA.

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?
A. Deploy, maintain, establish.
B. Establish, maintain, deploy.
C. Establish, deploy, maintain.
D. Deploy, establish, maintain.

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?
A. Host-based firewall.
B. Web application firewall.
C. Access control list.
D. Application allow list.

Which of the following must be considered when designing a high-availability network? (Choose two)
A. Ease of recovery.
B. Ability to patch.
C. Physical isolation.
D. Responsiveness.
E. Attack surface.
F. Extensible authentication.

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
A. Software as a service.
B. Infrastructure as code.
C. Internet of Things.
D. Software-defined networking.

Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?
A. Policies and procedures.
B. Asset management.
C. Vulnerability assessment.
D. Business impact analysis.

An organization wants to donate its aging network hardware. Which of the following should the organization perform to prevent any network details from leaking?
A. Destruction.
B. Sanitization.
C. Certification.
D. Data retention.

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?
A. Unskilled attacker.
B. Shadow IT.
C. Credential stuffing.
D. DMARC failure.

An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?
A. Tokenization.
B. Data masking.
C. Encryption.
D. Obfuscation.

A penetration test identifies that SMBv1 is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?
A. GPO.
B. ACL.
C. SFTP.
D. DLP.

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A. Processor.
B. Custodian.
C. Subject.
D. Owner.

An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?
A. Data masking.
B. Salting.
C. Key escrow.
D. Tokenization.

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?
A. Using least privilege.
B. Changing the default password.
C. Assigning individual user IDs.
D. Reviewing logs more frequently.

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?
A. Right to be forgotten.
B. Sanctions.
C. External compliance reporting.
D. Attestation.

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?
A. A thorough analysis of the supply chain.
B. A legally enforceable corporate acquisition policy.
C. A right to audit clause in vendor contracts and SOWs.
D. An in-depth penetration test of all suppliers and vendors.

A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?
A. Validate the code signature.
B. Execute the code in a sandbox.
C. Search the executable for ASCII strings.

A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email's continued delivery?
A. Employees are flagging legitimate emails as spam.
B. Information from reported emails is not being used to tune email filtering tools.
C. Employees are using shadow IT solutions for email.
D. Employees are forwarding personal emails to company email addresses.

An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Select two)
A. Regularly updating server software and patches.
B. Implementing strong password policies.
C. Encrypting sensitive data at rest and in transit.
D. Utilizing a web-application firewall.
E. Performing regular vulnerability scans.
F. Removing payment information from the servers.

The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?
A. Social engineering.
B. Situational awareness.
C. Phishing.
D. Acceptable use policy.

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?
A. To defend against insider threats altering banking details.
B. To ensure that errors are not passed to other systems.
C. To allow for business insurance to be purchased.
D. To prevent unauthorized changes to financial data.

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be implemented to allow for this type of access? (Select two)
A. SSH.
B. SNMP.
C. RDP.
D. S/MIME.
E. SMTP.
F. SFTP.

Which of the following technologies assists in passively verifying the expired status of a digital certificate?
A. OCSP (Online Certificate Status Protocol).
B. CRL (Certificate Revocation Lists).
C. TPM (Trusted Platform Module).
D. CSR (Certificate Signing Request).

A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:
• Something you know
• Something you have
• Something you are
Which of the following would accomplish the manager's goal?
A. Domain name, PKI, GeoIP lookup.
B. VPN IP address, company ID, facial structure.
C. Password, authentication token, thumbprint.
D. Company URL, TLS certificate, home address.

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A. Risk tolerance.
B. Risk transfer.
C. Risk register.
D. Risk analysis.

A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer's credit card information. The customer sees the caller ID is the same as the company's main phone number. Which of the following attacks is the customer most likely a target of?
A. Phishing.
B. Whaling.
C. Smishing.
D. Vishing.

A security analyst is reviewing the following logs: Which of the following attacks is most likely occurring?
A. Password spraying.
B. Account forgery.
C. Pass-the-hash.
D. Brute-force.

Which of the following definitions best describes the concept of log correlation?
A. Combining relevant logs from multiple sources into one location.
B. Searching and processing data to identify patterns of malicious activity.
C. Making a record of the events that occur in the system.
D. Analyzing the log files of the system components.

An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application. Which of the following best explains the security technique the organization adopted by making this addition to the policy?
A. Identify embedded keys.
B. Code debugging.
C. Input validation.
D. Static code analysis.

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53.
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53.
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53.
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53.

Which of the following are the best security controls for controlling on-premises access? (Select two.)
A. Swipe card.
B. Picture ID.
C. Phone authentication application.
D. Biometric scanner.
E. Camera.
F. Memorable.

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?
A. Installing HIDS on the system.
B. Placing the system in an isolated VLAN.
C. Decommissioning the system.
D. Encrypting the system's hard drive.

Which of the following is prevented by proper data sanitization?
A. Hackers' ability to obtain data from used hard drives.
B. Devices reaching end-of-life and losing support.
C. Disclosure of sensitive data through incorrect classification.
D. Incorrect inventory data leading to a laptop shortage.

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal. The following is the audit report: Which of the following is the most likely way a rogue device was allowed to connect?
A. A user performed a MAC cloning attack with a personal device.
B. A DHCP failure caused an incorrect IP address to be distributed.
C. An administrator bypassed the security controls for testing.
D. DNS hijacking let an attacker intercept the captive portal traffic.

Which of the following would best allow a company to prevent access to systems from the Internet?
A. Containerization.
B. Virtualization.
C. SD-WAN.
D. Air-gapped.

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
A. Smishing.
B. Disinformation.
C. Impersonating.
D. Whaling.

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?
A. ACL.
B. IDS.
C. HIDS.
D. NIPS.

Which of the following would be best suited for constantly changing environments?
A. RTOS.
B. Containers.
C. Embedded systems.
D. SCADA.

Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?
A. Public key.
B. Private key.
C. Asymmetric key.
D. Symmetric key.

Which of the following attacks primarily targets insecure networks?
A. Evil twin.
B. Impersonation.
C. Watering hole.
D. Pretexting.

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?
A. Guard rail script.
B. Ticketing workflow.
C. Escalation script.
D. User provisioning script.

A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?
A. IPSec.
B. SHA-1.
C. RSA.
D. TGT.

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?
A. Exposure factor.
B. CVSS.
C. CVE.
D. Industry impact.

A security analyst is reviewing logs and discovers the following: Which of the following should be used to best mitigate this type of attack?
A. Input sanitization.
B. Secure cookies.
C. Static code analysis.
D. Sandboxing.

In which of the following will unencrypted PLC management traffic most likely be found?
A. SDN.
B. IoT.
C. VPN.
D. SCADA.

An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:
• Must work across SaaS and internal network applications
• Must be device manufacturer agnostic
• Must have offline capabilities
Which of the following would be the most appropriate authentication method?
A. Username and password.
B. Biometrics.
C. SMS verification.
D. Time-based tokens.





