Q 0-200 Flashcards

(54 cards)

1
Q

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A.Jump server
B.RADIUS
C.HSM
D.Load balancer

A

Answer: Jump Server

2
Q

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A.IRP
B.DRP
C.RPO
D.SDLC

A

Answer: DRP (Disaster Recovery Plan)

3
Q

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A.Application
B.IPS/IDS
C.Network
D.Endpoint

A

Answer: Endpoint

4
Q

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A.Risk tolerance
B.Risk transfer
C.Risk register
D.Risk analysis

A

Answer: Risk Register

5
Q

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

A.Client
B.Third-party vendor
C.Cloud provider
D.DBA

A

Answer: Client

6
Q

Which of the following must be considered when designing a high-availability network? (Choose two).

A.Ease of recovery
B.Ability to patch
C.Physical isolation
D.Responsiveness
E.Attack surface
F.Extensible authentication

A

Answer: Ease Of Recovery and Responsiveness

7
Q

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A.Fines
B.Audit findings
C.Sanctions
D.Reputation damage

A

Answer: Audit Findings

8
Q

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

A.Capacity planning
B.Redundancy
C.Geographic dispersion
D.Tabletop exercise

A

Answer: Capacity Planning

9
Q

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

A.Documenting the new policy in a change request and submitting the request to change management
B.Testing the policy in a non-production environment before enabling the policy in the production network
C.Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D.Including an “allow any” policy above the “deny any” policy

A

Answer: Testing the policy in a non-production environment before enabling the policy in the production network.

10
Q

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

A.Local data protection regulations
B.Risks from hackers residing in other countries
C.Impacts to existing contractual obligations
D.Time zone differences in log correlation

A

Answer is A. Local data protection regulations.

11
Q

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A.Conduct an audit.
B.Initiate a penetration test.
C.Rescan the network.
D.Submit a report.

A

Answer: Rescan the network

11
Q

Which of the following allows for the attribution of messages to individuals?

A.Adaptive identity
B.Non-repudiation
C.Authentication
D.Access logs

A

Answer is Non-repudiation.

11
Q

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

A.SCAP
B.NetFlow
C.Antivirus
D.DLP

A

Answer is DLP (Data Loss Prevention).

12
Q

An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A.Identify embedded keys
B.Code debugging
C.Input validation
D.Static code analysis

A

Answer is C. Input validation.

12
Q

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A.Place posters around the office to raise awareness of common phishing activities.
B.Implement email security filters to prevent phishing emails from being delivered.
C.Update the EDR policies to block automatic execution of downloaded programs.
D.Create additional training for users to recognize the signs of phishing attempts

A

Answer is C: Update the EDR policies to block automatic execution of downloaded programs.

13
Q

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

A.Tuning
B.Aggregating
C.Quarantining
D.Archiving

A

Answer is A. Tuning.

14
Q

Which of the following is the most likely to be included as an element of communication in a security awareness program?

A.Reporting phishing attempts or other suspicious activities
B.Detecting insider threats using anomalous behavior recognition
C.Verifying information when modifying wire transfer data
D.Performing social engineering as part of third-party penetration testing

A

Answer is A. Reporting phishing attempts or other suspicious activities.

15
Q

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

A.Preparation
B.Recovery
C.Lessons learned
D.Analysis

A

The correct answer is A. Preparation.

16
Q

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

A.Console access
B.Routing protocols
C.VLANs
D.Web-based administration

A

Answer: Web-based administration

16
Q

A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?

A.SPF
B.GPO
C.NAC
D.FIM

A

Answer: FIM (File Integrity Monitoring)

17
Q

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)

A.Key escrow
B.TPM presence
C.Digital signatures
D.Data tokenization
E.Public key management
F.Certificate authority linking

A

Answer is: Key escrow and TPM presence

18
Q

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

A.Remote access points should fail closed.
B.Logging controls should fail open.
C.Safety controls should fail open.
D.Logical security controls should fail closed.

A

The correct answer is Safety controls should fail open

19
Q

Which of the following would be best suited for constantly changing environments?

A.RTOS
B.Containers
C.Embedded systems
D.SCADA

A

Answer: Containers

20
Q

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

A.Default credentials
B.Non-segmented network
C.Supply chain vendor
D.Vulnerable software

A

The correct answer is Vulnerable software.

20
Q

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

A.Software as a service
B.Infrastructure as code
C.Internet of Things
D.Software-defined networking

A

The correct answer is Infrastructure as Code (IaC)
21
Q

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

A.Deploying a SASE solution to remote employees
B.Building a load-balanced VPN solution with redundant internet
C.Purchasing a low-cost SD-WAN solution for VPN traffic
D.Using a cloud provider to create additional VPN concentrators

A

Answer: Deploying a SASE solution to remote employees
22
Q

Which of the following best ensures minimal downtime and data loss for organizations with critical computing equipment located in earthquake-prone areas?

A.Generators and UPS
B.Off-site replication
C.Redundant cold sites
D.High availability networking

A

Answer: Off-site replication
23
Q

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

A.Insurance
B.Patching
C.Segmentation
D.Replacement

A

Answer: Segmentation
24
Q

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

A.Red
B.Blue
C.Purple
D.Yellow

A

The correct answer is Purple
25
Q

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

A.End of business
B.End of testing
C.End of support
D.End of life

A

The correct answer is End of Support.
26
Q

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

A.Concurrent session usage
B.Secure DNS cryptographic downgrade
C.On-path resource consumption
D.Reflected denial of service

A

The best answer is Reflected denial of service.
27
Q

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

A.RBAC
B.ACL
C.SAML
D.GPO

A

The correct answer is RBAC (Role-Based Access Control)
28
Q

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Choose two.)

A.Federation
B.Identity proofing
C.Password complexity
D.Default password changes
E.Password manager
F.Open authentication

A

The correct answers are Federation and Password complexity.
29
Q

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

A.VM escape
B.SQL injection
C.Buffer overflow
D.Race condition

A

The correct answer is Buffer overflow.
30
Q

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A.Mitigate
B.Accept
C.Transfer
D.Avoid

A

The correct answer is Mitigate.
31
Q

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Choose two.)

A.Channels by which the organization communicates with customers
B.The reporting mechanisms for ethics violations
C.Threat vectors based on the industry in which the organization operates
D.Secure software development training for all personnel
E.Cadence and duration of training events
F.Retraining requirements for individuals who fail phishing simulations

A

Answer: Threat vectors based on the industry in which the organization operates AND Cadence and duration of training events
32
Q

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

A.ARO
B.RTO
C.RPO
D.ALE
E.SLE

A

Answer is ALE (Annualized Loss Expectancy)
33
Q

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

A.Application
B.Authentication
C.DHCP
D.Network
E.Firewall
F.Database

A

The correct answer is D (Network logs) and E (Firewall logs)
33
Q

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

A.Key stretching
B.Tokenization
C.Data masking
D.Salting

A

Answer: Salting
34
Q

A technician is deploying a new security camera. Which of the following should the technician do?

A.Configure the correct VLAN.
B.Perform a vulnerability scan.
C.Disable unnecessary ports.
D.Conduct a site survey.

A

The correct answer is: Conduct a site survey.
35
Q

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?

A.Defensive
B.Passive
C.Offensive
D.Physical

A

The correct answer is Physical
36
Q

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

A.DLP
B.SNMP traps
C.SCAP
D.IPS

A

The correct answer is DLP (Data Loss Prevention)
37
Q

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

A.Tokenization
B.Hashing
C.Obfuscation
D.Segmentation

A

The correct answer is Hashing.
38
Q

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A.IDS
B.ACL
C.EDR
D.NAC

A

The correct answer is EDR (Endpoint Detection and Response)
39
Q

Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

A.Availability
B.Confidentiality
C.Integrity
D.Non-repudiation

A

The correct answer is Confidentiality.
40
Q

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

A.Business email
B.Social engineering
C.Unsecured network
D.Default credentials

A

The answer is Business email compromise (BEC)
40
Q

Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

A.Compliance reporting
B.GDPR
C.Due diligence
D.Attestation

A

The correct answer is Due diligence.
41
Q

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

A.Reporting structure for the data privacy officer
B.Request process for data subject access
C.Role as controller or processor
D.Physical location of the company

A

The correct answer is Request process for data subject access
42
Q

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

A.IPS
B.Firewall
C.ACL
D.Windows security

A

The correct answer is Firewall.
43
Q

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

A.Virtualization and isolation of resources
B.Network segmentation
C.Data encryption
D.Strong authentication policies

A

The correct answer is: Virtualization and isolation of resources.
44
Q

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A.End user training
B.Policy review
C.URL scanning
D.Plain text email

A

The correct answer is End user training.
45
Q

A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

A.Validate the code signature.
B.Execute the code in a sandbox.
C.Search the executable for ASCII strings.
D.Generate a hash of the files.

A

Answer: Validate the code signature
46
Q

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

A.Installing HIDS on the system
B.Placing the system in an isolated VLAN
C.Decommissioning the system
D.Encrypting the system's hard drive

A

The correct answer is Placing the system in an isolated VLAN.
47
Q

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

A.Espionage
B.Data exfiltration
C.Nation-state attack
D.Shadow IT

A

The correct answer is Shadow IT.