Test Questions Flashcards
1
Q
A governmental agency is storing information for a new project on a fileshare. The system has been classified as critical to the project. How should this project data be classified? (Select TWO)
� Private
� Confidential
� Public
� Unrestricted
� Restricted
A
Confidential
Restricted
2
Q
A perimeter firewall is set up to block suspicious connections. The system administrator notices a suspicious connection between internal hosts. Which of the following should be used to prevent this communication?
� Host-based firewall
� Cloud Access Security Broker
� Access control list
� Application allow list
A
Host Based Firewall - installed on individual computers or hosts and can be used to control traffic between internal hosts
3
Q
A technician has been tasked with applying a firmware update. Which of the following is being affected?
� Application
� BIOS
� Dump file
� Windows 10
A
BIOS.
4
Q
Which of the following exercises should an organization use to thoroughly review a new incidence response procedure?
� Tabletop
� High availability
� Failover
� Simulation
A
Tabletop exercises involve discussing and analyzing hypothetical scenarios, allowing teams to walk through the incident response procedure step by step, identify gaps, and ensure that all stakeholders understand their roles and responsibilities
5
Q
A system administrator is setting up authentication for a new SaaS application and would like to reduce the overhead burden for authentication of each user between Active Directory and the cloud application. The company has decided to use Active Directory credentials for the application. Which of the following methods would meet this requirement?
� SSO
� 802.1x
� EAP-TTLS
� EAP-FAST
A
SSO allows users to log in once and access multiple applications without re-entering credentials, meeting the requirement of reducing authentication overhead between Active Directory and the SaaS application.
6
Q
A company is planning a disaster recovery site and needs to ensure any environmental disaster does not result in complete loss of data. Which of the following should be implemented?
� Warm site
� Clustering
� Hot site
� Geographic dispersion
A
Geographic dispersion involves the set up of data centers or disaster recovery sites in different geographical regions, thereby reducing the risk of data loss due to environmental disasters in any single location.
7
Q
A network technician is going to upgrade the mail server to a newer version of software. Which of the following steps should be completed first?
� Perform a firmware upgrade.
� Submit a change control request.
� Remove the mail server from the network.
� Ensure the current mail server is fully patched.
A
Submitting a change control request is an important step in a controlled IT environment. The change control request outlines the changes being made.
8
Q
A suspicious caller rang the Human Resources Manager and requested her credit card information to pay a bill. This is MOST LIKELY an example of which of the following attacks?
� Phishing
� Social engineering
� Impersonation
� Whaling
A
Social engineering
9
Q
A network engineer placed a firewall in front of a legacy critical system. Which of the following best describes the action that the engineer carried out?
� Compensating controls
� Segmentation
� Risk transfer
� Risk tolerance
A
Compensating controls are security measures put in place to mitigate risks when the primary control is not feasible or effective.
10
Q
A military unit is leaving a location in the middle east and has hired a Department of Defense contractor to dispose of the data on classified systems and paper classified waste. Which of the following will the contractor provide to the military unit?
� Asset Register
� Certificate
� Inventory List
� Method of destruction
A
When sensitive or classified data and materials are disposed of, a Certificate of Destruction is often issued as proof that the data or materials have been properly and securely destroyed.
11
Q
Which of the following automation use cases would benefit the company’s security posture by updating security permissions immediately after an employee leaves the organization?
� Disabling access.
� Implementing least privilege.
� Change Advisory Board
� Escalating permission requests
A
Disabling access promptly upon an employee’s departure enhances security by helping to prevent unauthorized access to company resources and data.
12
Q
Which of the following is a vulnerability that could affect a router or a printer?
� Firmware version
� Buffer overflow
� SQL injection
� Integer overflow
A
The firmware version of a device can contain security vulnerabilities. Manufacturers often release updates to patch these vulnerabilities and improve device security.
13
Q
A security administrator finds files with a file extension of .ryk on three of their systems during an attack. Which of the following types of malware has infected the systems?
� Polymorphic Virus
� Backdoor
� Ransomware
� Remote Access Trojan (RAT)
A
Ransomware is when malware is used to encrypt files and then a ransom is demanded for decryption. The presence of a .ryk extension is an application called RYUK ransomware
14
Q
A Cloud Service Provider based in Texas is considering expanding its operations internationally to include major European businesses. Which of the following should the hosting provider consider first prior to this expansion? (Choose TWO)
� General Data Protection Regulations
� Threats from Nation States
� Local data protection regulations
� CCPA
A
Local Data Protection Regulations
GDPR - General Data Protection Requlations
15
Q
During a security inspection, an employee was found to have installed a computer game on his company desktop. This could have been more serious had it been malware. What can the security team do to stop incidents like this?
� Windows defender firewall
� Least privilege
� Application block list
� Application allow list
A
Application Allow List - Ensures that only approved and trusted software can run on company desktops, thereby effectively preventing the installation and execution of unauthorized software or malware.
16
Q
Which of the following topics should the cybersecurity administrator include in their upcoming presentation in the annual security awareness program? (Choose TWO)
� How to recognize and report a phishing attack
� Detecting insider threats using anomalous behavior recognition.
� Confirming information on a word document.
� Reporting suspicious activities
A
How to recognize and report a phishing attack
Reporting suspicious activities
17
Q
A cybersecurity administrator is creating a way to present a monthly report of data collected in the IT infrastructure to the board of directors. Which of the following should the systems administrator use?
� Excel spreadsheet
� Dashboard
� Metadata
� PowerPoint presentation
A
Dashboards
18
Q
A user attended a presentation based on how to identify and report a phishing attack. To which of the following categories does this presentation belong?
� Annual risk training
� Security awareness training
� Compliance training
� Communication skills training
A
Security Awareness Training
19
Q
The chief executive officer of an organization has decided to use a third party to complete a penetration test to measure the organization’s security. Which of the following needs to be carried out before the penetration tester can begin their work?
� Sign a contract
� Right to audit clause
� Rules of engagement
� Obtain a network diagram
A
Rules of Engagement - This document outlines the scope of the test, what systems can be tested, the testing methodologies, the schedule, and any limitations or restrictions imposed by the organization
20
Q
You are a change manager overseeing a critical system upgrade. What key component of change management provides comprehensive and detailed instructions for routine operations, contributing to consistent and secure execution during the change process?
� Operational guidelines
� A procedural framework
� A standard operating procedure
� An operational manual
A
A standard operating procedure is an essential element of change management that comprises comprehensive and detailed instructions for routine operations, ensuring consistent and secure execution during the change process.
21
Q
The cybersecurity team has been tasked with finding the root cause of a recent security incident. Why is this important?
� To see how the incident was dealt with.
� To prevent it from happening again.
� To gather Indicators of Compromise
� To update threat feeds.
A
To prevent it from happening again.
22
Q
A cybersecurity administrator found a honey file on the corporate database server. To determine who created the honeyfile, the last access date, and any changes made to the honey file which of the following actions should be carried out?
� Check the files hash.
� Use hexdump on the file’s contents.
� Check endpoint logs.
� Check the metadata.
A
Check the metadata. Examining the metadata associated with the file can provide information about its creation, last access, and changes made
23
Q
After a test showed that a form on a website can be overwhelmed and possibly hacked due to too much data, which security method should an analyst suggest the coder use to stop this from happening?
� Secure cookies
� Input validation
� Stored procedure
� Code signing
A
Input Validation - Ensures that data entered into form fields adheres to specified criteria, preventing malicious input that could lead to buffer overflow vulnerabilities.
24
Q
Which of the following are you protecting using a L2TP/IPSec VPN?
� Data at rest
� Data in transit
� Data in use
� Data sovereignty
A
Data in Transit
25
An employee has been asked to sign an Acceptable Use Policy (AUP) for a new CAD system. Which of the following controls does this fulfil?
� Corrective
� Compensating
� Preventive
� Deterrent
Preventative Controls - Measures put in place to proactively prevent or deter undesirable events or actions. In this context, by signing the AUP, employees agree to adhere to the established rules and guidelines for using the CAD system.
26
Which of the following is used to add extra complexity to a credential before applying a one-way data transformation algorithm?
� Steganography
� Data masking
� Salting
� Hashing
Salting - involves adding a random value (the "salt") to the plaintext password before hashing it. This adds complexity and uniqueness to each hashed value, making it more resistant to attacks like rainbow tables.
27
A company employee has been allowed to bring his personal smartphone and tablet into the workplace to use when carrying out his job. Which of the following would be the GREATEST security risk? (Select TWO)
� End of life
� Data exfiltration
� Lack of updates.
� Jailbreaking
Jailbreaking (Rooting if android)
Data Exfiltration
28
A security administrator has set up alerts on a new device. After the first day of monitoring, it was determined that about 40% of the alerts received were false positives. What can be done to reduce this figure?
� Correlating events
� Adjust the tuning
� Quarantining
� Archiving
Adjusting the Tuning
29
A covert spy plans to conceal information inside the graphical image of a company's business notepaper. What technique are they using?
� Tokenization
� Hashing
� Steganography
� Data masking
Steganography
30
A junior technician was tasked with patching a file server. They download the patch onto the server, but it fails to install. What is the most likely reason for this?
� Role based access control.
� Rule based access control.
� Least privilege
� Privilege access management
Least Privilege
31
A small company needs to build a backup site but cannot afford to install equipment at that site or replicate the data. Which of the following sites meets their needs?
� Hot Site
� Warm Site
� Cold Site
� Disaster Recovery Site
Cold site - Most cost-effective option for a small company with budget constraints. While it doesn't have the equipment or data readily available, it still provides the basic infrastructure (space and power) needed for setting up equipment and restoring data in case of a disaster.
32
As a cybersecurity analyst, you are tasked with enhancing an organization's defenses against malware and unauthorized applications. What primary objective does the implementation of an application allow list strategy serve within cybersecurity measures?
� Simplifying network architecture
� Expediting software deployment
� Enhancing user authentication.
� Mitigating malware and unauthorized applications
Mitigating malware and unauthorized applications - by permitting only approved software to run, thereby enhancing security.
33
You are the IT director responsible for managing a complex enterprise environment with numerous interconnected services. What critical strategic aspect should be carefully evaluated before executing a service restart, ensuring optimal system availability while mitigating potential security vulnerabilities?
� Hardware compatibility
� Staff training
� Network latency
� The potential impact on interconnected services
Potential Impact on interconnected Services
34
A contractor has been hired by a hospital to sanitize data held in an archive. However, the contractor states that he cannot sanitize 20% of the archive data. What would be the reason for this?
� Encryption
� Least Privilege
� Classification
� Retention
Retention - Retention policies dictate how long certain types of data should be kept before it can be deleted or destroyed. Medical data needs to be retained for 6 years.
35
A research and development department works on new inventions, designs, and patents. How would you categorize this data?
� Sensitive
� Intellectual property
� Public
� Regulated data
Intellectual property - The data produced by the research and development department, including inventions, designs, and patents, represents intellectual property that needs to be protected and managed to maintain its value and exclusivity.
36
Which of the following is the BEST method to protect data at rest on the laptops of sales personnel?
� Full Disk Encryption (FDE)
� Tokenization
� Hashing
� Normalization
FDE - Full Disk Encryption
37
Which of the following refers to the maximum risk a company can bear and accept? (Choose TWO)
� Risk transference
� Risk threshold
� Risk tolerance
� Quantitative risk
Risk Threshold
Risk Tolerance
38
A hacker gained access to a system using a hyperlink in a phishing attack and ransomware was deployed across the network. Which of the following would have prevented the spread?
� NIPS
� NIDS
� HIDS
� HIPS
NIPS - Monitors network traffic and can detect and block known malware or suspicious activity in real-time, which can help prevent the spread of ransomware across a network.
39
A client asked a security company to provide a document outlining the project as well as its cost and completion time frame. Which of the following documents should the company provide to the client?
� Master Service Agreement (MSA)
� Business Partnership Agreement (BPA)
� Statement of Work (SOW)
� Memorandum of Understanding (MOU)
SOW - Statement Of Work
40
A network engineer has ensured that a host-based firewall on a legacy system allows connections from only specific internal IP addresses. Which of the following does this describe?
� Compensating control
� Segmentation
� Geographic dispersal
� Risk Transference
Compensating control - By implementing this firewall rule, the engineer has put in place a compensating control to mitigate security risks and enhance the system's security posture.
41
A company employs researchers to security test their internet-based applications. If vulnerabilities are found, then the researchers who find them will be rewarded. In which of the following categories do these researchers belong?
� Known environment penetration tester
� Blue team
� Bug bounty
� Unknown environment penetration tester
Bug Bounty
42
Which of the following agreement types defines the metrics by which the vendor must respond?
� BPA
� SLA
� MOA
� SOW
SLA - Service License Agreement - Specify the agreed-upon service levels, including metrics, response times, and performance targets that a vendor must meet
43
When a criminal has been apprehended by law enforcement agents, which of the following should be implemented to show that the evidence is handled properly?
� Legal hold
� Record the time offset
� Chain of custody
� Right to audit clause
Chain of custody refers to the documentation and procedures used to chronologically track the handling, transfer, and storage of evidence.
44
Following an instance of financial fraud, an auditor is sifting through all of the financial transactions. What control type is the auditor adopting?
� Deterrent
� Compensating
� Corrective
� Detective
Detective controls are focused on identifying and detecting security incidents or unauthorized activities after they have occurred.
45
A security engineer is placing a legacy device in its own subnet. Which of the following control types are they implementing?
� Compensating
� Deterrent
� Access Control
� Detective
Compensating controls are put in place to reduce the risk of a vulnerability or a weakness that cannot be resolved by a primary control.
46
Security controls in a data center are being audited to ensure that both the data and human life are properly protected. How should the security controls be set up? Select the BEST option.
� Security control logging with fail open.
� Safety controls with fail closed.
� Safety controls with fail open.
� Logical security controls with fail closed.
Safety controls (Fail Open), especially those related to physical safety, should be configured to "fail open" in case of system failures. This means that if a safety control or mechanism malfunctions, the system should allow unrestricted access to ensure people's safety, particularly in emergency situations like fires.
47
Which is the BEST way for a cybersecurity administrator to monitor for unauthorized software installation and settings changes?
� EDR software on all workstations and servers
� Collect network data using Wireshark
� Deploy a SIEM system
� Credentialed vulnerability scan
EDR -Endpoint Detection and Response - Software is designed to monitor and respond to security threats on individual endpoints (workstations and servers). It can detect unauthorized software installations and changes to settings.
48
Which of the following is an example of active reconnaissance?
� Patching Software
� Running a port scan
� Restoring a backup
� Filtering firewall traffic
Running a port scan is an example of active reconnaissance. In active reconnaissance, an attacker actively probes and interacts with the target system to gather information.
49
A security consultant needs a secure connection to the company for remote users. Which of the following should the security consultant implement?
� IPsec
� Jump Server
� Network Address Translator
� Proxy Server
Internet Protocol Security (IPsec) is a suite of protocols used to secure communications over IP networks using a VPN. It provides a secure tunnel for remote users to connect to the company's network securely.
50
Which of the following can be used to validate a user's certificate that is installed on his smart card? (Select two).
� Key Escrow
� CRL
� CSR
� OCSP
A Certificate Revocation List (CRL) is a list of certificates that have been revoked by the Certificate Authority (CA) before their expiration date.
The Online Certificate Status Protocol (OCSP) is another method for checking the validity of a certificate.
51
A small organization has just hired a third party to remediate several vulnerabilities that were found on their network. Which of the following tasks should be done last?
� Audit
� Penetration Test
� Written Report
� Run another vulnerability scan
Run another vulnerability scan to ensure that the remediation efforts have been successful.
52
A cybersecurity administrator needs to oversee the accurate deployment of cloud resources using the least amount of administrative access. Which of the following should be implemented?
� Software as a service
� Infrastructure as code
� Infrastructure as a service.
� Platform as a service
Infrastructure as Code (IaC) - allows you to define and manage cloud resources using code and automation, reducing the need for manual administrative access and minimizing human error.
53
A forensic investigator is trying to determine which employee emailed PII data to an external customer. Which of the following tools will help the forensic investigator?
� EDR
� Proxy Server
� Net Flow
� DLP
Data Loss Prevention (DLP) solutions are specifically designed to monitor, detect, and prevent the unauthorized transfer of sensitive data such as PII and can help identify who sent the data and where it was sent.
54
A cybersecurity analyst previously set up a honeypot and has since successfully gathered information about a new attack method. Which of the following should the cybersecurity analyst do prior to setting up the SIEM and SOAR servers to identify this new attack method?
� Threat hunting
� E-discovery
� Incident response plan
� Disaster recovery plan
Threat Hunting - involves actively searching for signs of malicious activity and potential threats within the network. This is done to create the data on the threat needed to effectively implement SIEM and SOAR. It is a proactive approach to identifying and mitigating new attack methods
55
A company is going to roll out FDE to all of the company laptops and desktops. Which of the following are critical to this implementation? (Select TWO).
� Key escrow
� PGP
� TPM
� CRL
TPM - A hardware-based security feature that can securely store encryption keys and help protect against unauthorized access to encrypted data. It is crucial for secure FDE implementations.
Key escrow
56
A company suffered a buffer overflow on one of its internet web servers. Which of the following should be installed to mitigate the risk of buffer overflow on internet web servers?
� IP Sec
� WAF
� CASB
� SD-WAN
A Web Application Firewall (WAF) is designed to protect web applications from various attacks, including buffer overflows. It can help filter and block malicious traffic before it reaches the web server.
57
Which of the following threat actors is the MOST LIKELY to be able to fund criminal organizations in neighboring countries to launch influence campaigns?
� Unskilled attacker
� Hacktivist
� Competitor
� Nation state threat actor
� Advanced persistent threat
Nation State Threat Actor - most likely to have the financial means and resources to fund criminal organizations in neighboring countries for large-scale influencing campaigns.
58
Following a third-party audit, the auditor noticed that some of the security settings on a server were incorrect. Which of the following should the company use to continuously verify security settings?
� CIS Benchmarks
� Attestation
� Morning inspection
� Automation
Automation - Involves using software or scripts to regularly check and enforce security settings on a server automatically. With automation, you can set up continuous monitoring and remediation processes to ensure that security settings remain correct over time.
59
A network administrator is having problems with users being unable to access the internet. During their investigation, they discover that network logs show only a small number of DNS queries and that the server resources are using minimal CPU and memory; however, there is a huge amount of inbound traffic. Which of the following types of attacks does this describe?
� Reflected denial of service
� Botnet
� On-path resource consumption
� Login Bomb
Reflected denial of service attacks involve attackers sending requests to a large number of intermediary servers, which then reflect and amplify the attack traffic towards the target server, causing network congestion.
60
A financial administrator receives a text message from an unknown number claiming to be the Human Resources Manager and asking the employee to purchase several gift cards for the Christmas raffle. Which of the following types of attacks is this?
� Impersonation
� Smishing
� Vishing
� Phishing
Smishing
61
A security manager has recently created new policies to deal with security incidents. Which of the following should be their next step?
� Set the data retention policy.
� Encrypt the policies.
� Classify each of the policies.
� Organize a tabletop exercise.
Organize a tabletop Exercise - Helps test the effectiveness of the newly created policies and ensure that employees understand how to respond to security incidents.
62
A company based in Florida suffered 20 storms this year, resulting in environmental damage that led to data loss. Which of the following solutions would be the most effective?
� Load balancers
� Geographic dispersion
� Cluster servers
� Off-site backups
Geographic dispersion - Involves the setting up of data centers or resources in different geographical regions to enhance disaster recovery and availability. This can help mitigate the impact of storms and environmental disasters.
63
A legacy IoT device used for testing has a new security vulnerability. Which of the following tasks should a security administrator perform FIRST to mitigate risk of new vulnerabilities in a legacy IoT device?
� Insurance
� Patching
� Upgrade
� Segmentation
Segmentation - Involves the isolation of vulnerable devices from the rest of the network to limit their ability to communicate with other devices and reduce the potential impact of the security vulnerability.
64
An organization wants to monitor the latest attack methods without impacting the company's servers. Which of the following would be the best choice for this?
� Honeyfile
� Honeypot
� SIEM monitoring
� SOAR monitoring
Honeypot - Decoy system or network that is set up to attract attackers and capture their activities. Honeypots can mimic real systems and services, making them attractive targets for attackers. They are designed to be isolated from production servers, so any attacks or suspicious activities do not impact the company's actual servers. Honeypots are an effective way to monitor the latest attack methods without exposing your servers to risk.
65
A security administrator is responsible for data theft prevention of PII and sensitive data. This includes four different types of data. What type of solution should be implemented, and what should the setup requirements be? (Choose TWO)
� Deploy a Data Loss Prevention system.
� Create a rule to block outgoing email attachments.
� Classify the data.
� Implement Least Privilege
DLP - Data Loss Prevention
Classifing the Data - IOT apply appropriate DLP rules to the data
66
A cybersecurity administrator identifies that an attack in which the CPU register was overwritten by a malicious address that is similar to shellcode. What type of attack is this?
� XML injection
� Shimming
� Buffer overflow
� SQL injection
Buffer Overflow - Attack occurs when an attacker inputs more data into a buffer (memory storage) than it can hold, causing the excess data to overwrite adjacent memory locations, including CPU registers. This can be used to inject and execute malicious code that is written with shellcode.
67
Who is responsible for securing the company's servers procured through an IaaS contract under a shared responsibility cloud model?
� Cloud Access Security Broker
� Third- party vendor
� Cloud service provider
� Client
Client - In a shared responsibility model, the client (that is, the company) is responsible for securing the servers and the data they store or process within the IaaS environment. This includes configuring and managing security settings, access controls, and the operating system.
68
A network engineer has discovered that network devices within their organization do not meet the new encryption standard. Which of the following should the network engineer recommend?
� Use a lower encryption standard
� Move the device into a VLAN
� Decommission the device and replace it
� Implement a compensating control
Decommission and replace the device - replacing outdated hardware with devices that comply with current encryption standards ensures that the organization's network security posture remains strong and aligned with best practices and regulatory requirements.
69
Which of the following should be disabled on a network router to harden it? (Select the BEST choice).
� Console access
� ACLs
� SNMP
� Web-based administration
Web-based Adminstration - Disabling it helps prevent remote access to the router through a web interface, thereby enhancing security.
70
A cybersecurity administrator observes that several existing accounts have been locked following attempted logins from users overseas? What type of attack is this and how can we mitigate the risk? (Select TWO).
� Brute force
� Password spraying
� Multifactor authentication
� Increase account lockout threshold
Brute Force
MFA
71
Which of the following threat actors might be employed by a nation state to carry out their work?
� Organized crime
� Shadow IT
� Hacktivist
� Insider threat
Organized Crime
72
An organization is looking for a cloud based, low-cost solution for their application development. Which of the following is the best solution for this?
� VDI
� Hyper V
� SAN
� Serverless Architecture
Serverless Architecture
73
A Chief Information Security Officer (CISO) wants to monitor attacks on the company servers. The company uses a reverse proxy to provide SSL/TLS decryption so that incoming traffic can be monitored. Which of the following should the CISO implement?
� Capture all of the traffic entering and leaving the servers
� Deploying a network-based intrusion detection system.
� Logging operating system security logs
� Deploy a network-based intrusion prevention system
Captruing all traffic entering and leaving the servers - (especially after SSL/TLS decryption provided by the reverse proxy) allows for comprehensive monitoring and analysis of attacks on the servers.
74
A cybersecurity analyst notices that there has been an increase of login attempts from users in remote locations. This has resulted in brute force attacks. Which of the following can mitigate this type of attack in the future?
� Federation Services
� Data in Use
� Multifactor authentication
� Least Privilege
multifactor authentication adds an extra layer of security by requiring users to provide more than one form of verification before gaining access. This can mitigate brute force attacks by making it significantly harder for attackers to successfully authenticate even if they manage to guess passwords.
75
Which of the following real-time systems defense mechanisms is tailored for mitigating the risk of malware and rootkit attacks on desktops?
� HIPS
� HIDS
� EDR
� Sandbox
EDR - Endpoint Detection and Response - A cybersecurity solution that continuously monitors and analyzes endpoint activities to detect and respond to suspicious behavior, (including malware and rootkit attacks) on desktop computers.
HIPS - is not specific to malware and rootkits and focuses on prevening unauthorized access to a system.
76
An unknown penetration tester is going to test the organization's perimeter security. Which of the following documents will outline the duration of the penetration test?
� MSA
� CIS benchmarks
� SLA
� SOW
SOW - Statement Of Work - outlines the specific details of a project, including the scope, deliverables, timeline, and duration of the penetration test.
77
Which of the following does a digital signature provide?
� Hashing
� Encryption
� Non-Repudiation
� Authentication
Non-repudiation is a key feature of digital signatures, ensuring that a person or entity cannot deny the validity of their electronic signature or sending a message. It provides proof of the origin and integrity of the data, making it possible to verify who signed the document and ensuring that the document has not been altered after signing.
78
Which of the following should a cybersecurity analyst implement to ensure they are informed if the system 32 files have been altered? Choose the best option.
� FIM
� SOAR
� SIEM
� EDR
FIM - File Integrity Monitoring - Continuously monitors and detects changes to files, including modifications, deletions, or additions, and alerts the analyst if any unauthorized changes occur. It can detect any changes to system files by a rootkit.
79
Which of the following would prevent the installation of a computer game or ransomware on a use's corporate laptop? Select the best option.
� IPS
� Least Privilege
� Application Allow List
� Host-Based Firewall
Application Allow List (aka Whitelisting) - Ensures that only approved and trusted software can run on company desktops, thereby effectively preventing the installation and execution of unauthorized software or malware.
80
Two car manufacturers decide to participate in a joint venture to create a new super car engine. Which of the following would be the best authentication method for them to choose during the project?
� Open Authentication
� Mandatory Access Control
� Federation Services
� Role-Based Access Control
Federation services provide authentication for joint venture and cloud authentication. This would allow employees from both car manufacturers to access the resources and systems needed for the project using their own organization's credentials. This ensures SSO, seamless authentication, and collaboration between the two companies.
81
Which of the following enables you to hide a credit card number so that only the last three digits on the right-hand side are visible?
� Masking
� Encryption
� Tokenization
� Salting
Masking - A data protection feature that obscures specific data within a database so that sensitive information is hidden from those without the need to know the full details
82
A company is transitioning to the cloud and needs to open ports on the firewall to complete the task. What type of risk does this represent?
� Federation Services
� Supply Chain
� Insider Threat
� RAT
Opening ports on the firewall introduces a supply chain risk. These are potential vulnerabilities and threats that arise from third-party vendors, services, or processes involved in the supply chain.
83
Why would a company that is PCI DSS compliant be subject to an annual audit? Choose the BEST answer.
� Internal audit requirement
� Third party audit requirement
� Check the firmware update
� Regulatory Requirement
Payment Card Industry Data Security Standard (PCD DSS) Compliance is a regulatory requirement for companies that handle credit card transactions. These companies are therefore, subject to an annual audit to ensure ongoing compliance with this regulatory standard.
84
Users at a company need to sign up for a cybersecurity conference. When they attempt to sign up to the website, they are blocked by the proxy server as the site was deemed to be a gambling website. Which of the following actions should the network administrator take to ensure users can sign up for the conference?
� Change the proxy to a reverse proxy.
� Modify the URL block list on the proxy server.
� Modify the content filter on the proxy server.
� Change the firewall rules.
The content filter on the proxy server is responsible for categorizing and blocking access to certain websites based on predefined criteria. In this scenario, the network administrator should modify the content filter to allow access to the cybersecurity conference website while still blocking access to gambling websites.
There is no need to modify the URL as the users got to the website before being blocked.
85
A company wants to decommission 50 laptops and donate them to a local school. Which of the following decommission methods will they use?
� Destruction
� Pulverizing
� Degaussing
� Sanitization
Sanitization - Does not physically destroy them.
86
A person working on the reception desk at a major multinational company received a phone call from someone claiming to be the Chief Financial Officer asking for their company credit card to pay a bill. Which of the following attack types is this MOST LIKELY an example of?
� Whaling
� Phishing
� Social Engineering
� Misinformation
A social engineering attack relies on manipulating individuals to gain sensitive information or access.
87
A cybersecurity consultancy wants to reduce the threat scope for a major customer. Which of the following will the cybersecurity consultancy implement first?
� Proxy Server within Data Plane
� Zero Trust within Data Plane
� Implied Trust within Data Plane
� Segmentation within Data Plane
Zero Trust within the data plane ensures that no entity is inherently trusted within the network and that all communication and access attempts are thoroughly verified and authenticated to mitigate potential security risks and threats.
88
Which of the following sets of identity proofs could be used for multifactor authentication? Choose the best answer.
� Password, PIN, birth date
� Gait, retina, username
� Fob, token, iris
�Password, typing dwell time, gait
Gait, Retina and Username - Includes a mix of authentication factors: something you are (retina), something you have (username), and something you do (gait).
89
An Active Directory administrator is creating a script to provision new users. In which of the following would be cases would the script be useful with minimal effort? Choose the best TWO.
� PowerShell
� Automation
� Orchestration
� Technical Debt
Automation
Orchestration
90
An attacker managed to launch a cross-site scripting on a web server. A cybersecurity consultant was brought in to prevent this from happening again. Which of the following techniques did the cybersecurity consultant most likely implement?
� Stored Procedure
� Change Management
� Secure Cookies
� Input Validation
Input validation is a technique used to ensure that data entered into a system is valid and safe by sanitizing or rejecting malicious input, thereby preventing common vulnerabilities like cross-site scripting.
91
What is the first phase of SDLC?
� Test
� Staging
� Production
� Development
The first phase of the Software Development Life Cycle (SDLC) is the Development stage. This phase involves writing, testing, and integrating (merging) code from multiple developers to develop the software product.
92
Which of the following can grant permissions based on job function rather than username?
� Federation services
� SAML token
� RBAC
� Mandatory Access Control
Role-Based Access Control (RBAC) is a method of restricting network access based on the roles of individual users within an organization. Permissions are assigned to roles, and users are then assigned to appropriate roles based on their job functions. This allows for granting permissions based on job function rather than individual usernames.
93
A company is changing its password policy to the following:
Password length: Minimum 10 character
Complex: Yes
Password History: 6
Which of the following is the fastest way to deploy this update?
� Active directory replication
� Access control list
� Group Policy Object
� Salting
Group Policy Object (GPO) are used in Windows environments to enforce security settings and configurations, including password policies. Deploying the password policy update via GPO would be the fastest and most efficient way to ensure all relevant systems and users are compliant with the new policy.
94
A corporate security team found documents that were being used for a birthday attacks. What should they do FIRST to find the root cause?
� Check the metadata.
� Check the documents hash value.
� Check the source code.
� Check the code signing certificate.
Checking the metadata of the documents can provide valuable information (such as authorship, creation date, and any revisions made) and help the security team trace the origin and potential source of the birthday attacks.
95
You are a financial institution and there have been insider threats where credit card information has been exfiltrated via email. Which of the following would prevent this threat in the future?
� Least Privilege
� DLP
� NAC
� EDR
DLP - Data Loss Prevention
96
A company has a contract with a military base to burn their paper waste. Which of the following will the government issue to the military base so that they can account for the destruction?
� A destruction inventory
� An audit trail
� Destruction certificate
� Sanitization certificate
Destruction Certificate - A document issued to confirm that certain materials or items have been destroyed according to specified procedures.
97
A cybersecurity analyst discovers that some of the sensitive files on their company file server have been decrypted, leaving the data vulnerable to attack. Searching those log files, they determine that the person that decrypted the files was John Smith from the IT Team. What type of attack has been carried out?
� Hacktivist
� Insider Threat
� Competitor
� Unskilled attacker
Insider Threat
98
There has been a recent attempt to access the data on your network from foreign countries. Which of the following policies can be used to mitigate the risk of another similar attempt succeeding?
� Retention Policy
� Access Control Policy
� Geolocation Policy
� Impossible Time Travel Policy
Geolocation Policies
99
Which of the following relates to risk appetite or risk tolerance?
� Risk threshold
� Risk classification
� Risk score
� Risk acceptance
Risk Threshold
100
A nation-state has decided to find agents in the local population to carry out its attacks. Which of the following threat actors will they use? Choose the BEST answer.
� Unskilled attacker
� Insider threat
� Organized crime
� Hacktivist
Organized Crime
101
A developer has created source code that needs to be sent to other developers within the company. They have bought a code signing certificate and applied it to the software. What is the main reason for this action?
� To conduct manual code analysis
� To prove the authenticity of the code
� To encrypt the source code
� To provide static code analysis
Prove the Authenticity and integrity of the code by digitally signing it with a certificate. This helps users verify that the code comes from a trusted source and has not been altered or tampered with since it was signed.
102
Which of the following can be used to identify the severity of a vulnerability?
� CVSS
� MITRE ATTACK
� Credentialed Scan
� CVE
The Common Vulnerability Scoring System (CVSS) is used to assess and determine the severity of vulnerabilities based on various factors. 9 and 10 indicate critical vulnerability, while scores between 0.1 and 3.9 indicate low vulnerabilities.
103
The military are setting up government laptops and want to ensure that data cannot be exfiltrated from them. Which of the following should they implement? Choose TWO.
� USB drive
� TPM chip
� Database Encryption
� FDE
� Hashing
TPM
FDE
104
Which of the following would be the best ways to control access to a datacenter? Choose THREE.
� Mantrap
� Barricade
� Bollards
� Access Control Vestibule
� Visitor Logs
� CCTV
� Visitor Badges
Mantrap
Access Control Vestibule
Visitor Control Badges
105
The cybersecurity team has just revamped its cybersecurity incident reporting procedures. What should they use to test the procedures?
� Security awareness training
� Simulation
� Tabletop exercise
� Lessons learned
Tabletop Exercise - A paper based, hypothetical exercise that is used to test response procedures, including incident reporting. This type of exercise is particularly useful for testing incident response plans, including reporting procedures, as it allows team members to verbally go through the process, identify any gaps or issues, and make improvements in a low-stress, non-disruptive environment.
106
Following an incident, an audit is conducted to investigate its cause and better prevent a recurrence of the issue in the future. Which of the following does this describe?
� Root Cause Analysis
� Lessons Learned
� Detective Control
� Preventative Control
The audit is conducting a root cause analysis, which involves investigating an incident to identify the underlying cause or causes. By understanding what caused the incident, preventive measures can be implemented to avoid similar incidents in the future.
107
A company is updating its security policy and wants to change the rules on a new firewall, which has already been approved by the change management board. Which of the following should they do first?
� Implement the changes on a live production environment.
� Test the implementation in a non-production environment.
� Test using only allow rules.
� Test using only deny rules
Test the implementation in a non-production environment - testing only allow or deny rules will not provide comprehensive coverage.
108
Which of the following are examples of risk transference? Choose all that apply.
� Insurance
� Patching
� Moving email to the cloud
� Outsourcing your IT
Insurance, Moving email to the cloud, and Outsourcing your IT. Any form of insurance, outsourcing, or migration of data to the cloud are forms of risk transference as they make someone else responsible for the security of that data.
109
A company suffered a cyber-attack and lost $1 million in revenue. Following the incident, lessons learned was carried out, and it was found that the admin account for the HVAC maintenance operator was used. What type of attack does this indicate?
� Insider threat
� Shadow IT
� Supply Chain
� Unskilled attacker
Supply Chain - Since the HVAC system is part of the supply chain for the company, this type of attack is categorized as a supply chain attack
110
Which of the following lays down all of the risks that a company faces, along with the person responsible for the risk and the treatment plan?
� Risk acceptance
� Risk register
� Risk threshold
� Inherent Risk
Risk Register - A risk register is a tool used in risk management and project management to identify potential risks in a project or organization. It serves as a central repository where all identified risks are recorded and includes details about each risk, such as its nature, the likelihood of its occurrence, the impact it would have, mitigation strategies, the person responsible for managing the risk, and any relevant treatment plans to address or mitigate the risk.
111
A network administrator is creating a new set of firewall rules following the introduction of new technology to their company network. Which of the following should the network administrator do before implementing these rules?
� Run a port scan
� Update the DRP
� Update the IRP
� Implement Change Management
Implement Change Management - This includes documenting and assessing the changes, obtaining necessary approvals, and communicating the changes to relevant stakeholders. Implementing change management helps ensure that the changes are implemented in a controlled and organized manner, reducing the risk of disruption to the network and systems.
112
Which of the following attack methods can be used to steal customers credit card details from a company server?
� Integer Overflow
� SQL Injection
� Buffer Overflow
� Cross Site Scripting
SQL Injection is a technique whereby attackers inject SQL commands into input fields of a web application to manipulate the database and access sensitive information such as credit card details stored on the company server.
113
A network engineer has found that their company is using a critical legacy system on the network. To protect this system, the engineer places an IPS in front of the system. Which of the following controls has the engineer adopted?
� Risk mitigation
� Corrective control
� Compensating controls
� Operational controls
Compensating controls are alternative measures put in place to address a security requirement when the primary control is not feasible or effective. In this case, the IPS serves as a compensating control to protect the legacy system.
114
An audit discovers that domain users are being granted access to data that they should not be able to see. Which of the following can be implemented to prevent this from happening?
� Open Authentication
� ACL
� DLP
� Masking
Access Control Lists (ACLs) specify which users or groups are granted access to specific objects, such as files or folders, and what actions they are allowed to perform on those objects. By properly configuring ACLs, unauthorized access to sensitive data can be restricted
115
A cybersecurity company is going to onboard a new customer. The team leader breaks down all of the tasks into a Gantt chart. Which of the following is the primary purpose of this process?
� Workforce Capacity Planning
� Infrastructure Capacity Planning
� To determine the individual skillset required
� To determine the number of software licenses required
Infrastructure Capacity Planning - The main reason for creating a Gantt chart is to plan and schedule tasks related to infrastructure capacity planning. A Gantt chart visually represents the timeline of tasks and their dependencies, helping the team leader coordinate the deployment of infrastructure resources required to onboard a new customer.
116
Which of the following elements has an impact on risk management decisions?
� RTO
� BPA
� ARO
� SLE
Annualized Rate of Occurrence (ARO) represents the estimated frequency at which a specific threat will exploit a vulnerability within a given timeframe. It directly impacts risk management decisions by helping to assess the likelihood of potential threats.
117
A cybersecurity administrator has noticed an increase in the number of trojan attacks on corporate desktops. What is the BEST way to prevent these attacks in the future?
� Use EDR to block execution of downloaded applications.
� Use HIDS to block execution of downloaded applications.
� Implement strict network access controls.
� Train employees in identifying phishing attempts.
Endpoint Detection and Response (EDR) solutions can monitor and respond to suspicious activities on endpoints, including blocking the execution of potentially harmful downloaded applications.
118
Which of the following devices are used as detective controls? Choose TWO.
� IDS
� Firewall
� SIEM
� Load Balancer
IDS (Intrustion Detection System)
SIEM (Security Information and Event Management)
119
Which of the following are physical controls? Choose TWO.
� Patching
� Access Control Vestibule
� Mantrap
� Secondary control
Access Control Vestibule
Mantrap
120
A cybersecurity engineer wants to block incoming Secure Shell connections so that attackers cannot launch secure remote access on the corporate network. The attackers use the IP address 140.107.20.1. Which of the following firewall ACLs will accomplish this task?
� Access list inbound deny 0.0.0.0/0 140.107.20.1/24 port 22
� Access list inbound deny 0.0.0.0/0 140.107.20.1/32 port 23
� Access list inbound deny 140.107.20.1/32 0 0.0.0.0/0 port 22
� Access list inbound deny 140.107.20.1/24 0 0.0.0.0/0 port 23
Access list inbound deny 140.107.20.1/32 0 0.0.0.0/0 port 22
This ACL denies all traffic coming from the IP address 140.107.20.1 on port 22, effectively blocking incoming Secure Shell (SSH) access attempts. Denies all traffic from 140.107.20.1 to any destination - the 0.0.0.0 on port 22
Deny from xxx/0 to xxx/0
121
The engineering department has set up their own AutoCAD system without following change management procedures. Which of the following do their actions describe?
� Self-sufficiency
� Insider Threat
� Supply Chain
� Shadow IT
Shadow IT refers to the use of unauthorized or unapproved software or hardware within an organization.
122
During an annual security awareness training event, there is a session on proper security communication, which of the following subjects is MOST likely to be covered?
� Spear Phishing
� Reporting suspicious events
� Phishing Campaign
� Whaling
Reporting Suspicious Events
123
Delete
Delete
124
The customer service team at a building materials depot receive a text message that pretends to be from the customer service manager asking them to deliver two tons of raw materials to a provided address. What type of attack is this? Choose the BEST answer
� Whaling
� Smishing
� Vishing
� Impersonation
Smishing
125
A cybersecurity company is going to onboard a new customer. The team leader breaks down all of the tasks into a load chart. Which of the following are they assessing?
� Manpower Capacity Planning
� Technology Capacity Planning
� The weight of equipment
� The number of software licenses required
Manpower Capacity
126
A person received an email saying they had won a holiday, and they replied by clicking a link, which triggered the download of a virus. What type of attack was this?
� Phishing
� Spear Phishing
� Whaling
� Cross Site Request Forgery
phishing
127
At a public internet forum for engineers, an engineer initiated a download that resulted in a rapidly spreading malware infecting the compan's network. What type of attack has occurred?
� Trojan
� Ransomware
� Worm
� Watering hole
Watering Hole
128
Which of the following describes granting access to data based on file classification?
� Federation services
� RBAC
� MAC
� DAC
Mandatory Access Control - MAC - enforces access controls set by a system administrator or security policy. Users do not have discretion over the access controls; instead, access is determined by the system according to the security labels assigned to files.
129
What is the name of the person that backs up, encrypts, and stores data?
� Data Steward
� Data Custodian
� Data Controller
� Data Processor
Data Custodian
130
A company is creating a new software package and has turned the research and development department into an air gapped network. Data has been stolen from one of the air gapped computers. What is the type of threat actor and what did they use to steal the data?? Choose TWO
� Unskilled attacker
� Hacktivist
� Insider Threat
� RDP
� VPN
� USB
� Mapped drive
Insider Threat
USB
131
Which of the following records known vulnerabilities and the affected platforms?
� CVSS
� MITRE ATTACK
� Credentialed Scan
� CVE
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed cybersecurity vulnerabilities and exposures that provides a unique identifier (CVE ID) for each vulnerability. It typically includes information about the affected platform or software.
132
Which of the following methods allows you to swap a credit card number for a benign token?
� Masking
� Encryption
� Tokenization
� Salting
Tokenization - Involves replacing sensitive data such as a credit card number with a unique identifier (token) that has no exploitable meaning or value.
133
What sophisticated cyber attack method inundates a targeted system with amplified data responses, causing it to become inaccessible to legitimate users?
� Social engineering
� Reflective denial of service
� Malware injection
� Phishing
Reflective Denial of Service
134
Which of the following best describes a firmware update?
� Patching an operating system
� Application update
� BIOS update
� Software update
BIOS Update
135
A network administrator has noticed a suspicious increase in network traffic. Upon further analysis, they discover several DNS queries that are bypassing network security methods. What type of attack is this?
� Buffer Overflow
� DNS Poisoning
� Data Exfiltration
� SQL Injection
Because this is unauthorized, this would be considered data exfiltration. Data exfiltration involves the unauthorized transfer of data from a system, which could manifest as DNS queries bypassing security measures.
136
A threat actor begins an attack by launching a port scan followed by a vulnerability scan. What type of reconnaissance are they carrying out?
� Active
� Offensive
� Red Team
� Passive
Active reconnaissance involves directly interacting with the target system to gather information. Example approaches to this include launching port and vulnerability scans.
137
When a company is hit by a tornado that damages critical servers, which of the following plans should be followed first? Choose the best option.
� Business Continuity Plan
� Incident Response Plan
� Communication Plan
� Disaster Recovery Plan
Disaster Recovery Plan - Preparing for any type of disaster that could occur.
138
Which of the following is a preventative control?
� Patching
� Data Backup
� AUP
� MOU
AUP - Acceptable Use Policy
139
Which of the following would allow application developers to use different versions of their operating system without impacting the application and using their resources efficiently?
� Containers
� Virtual Machines
� Sandbox
� Embedded System
Containers - Provide a lightweight and portable way to package, isolate, and run applications along with their dependencies. They allow application developers to use different versions of the operating system without impacting the application itself, as each container includes everything needed to run the application independently of the underlying host system.
140
In which of the following circumstances should a device be removed from the network? Choose the best option.
� The device has come from a sandbox.
� The device uses cleartext passwords.
� The device's encryption level cannot meet the company requirements.
� The device is legacy, and the vendor has gone out of business
Encryption is crucial for protecting data confidentiality, and if a device cannot meet the necessary encryption standards, it poses a significant security risk to the network. Removing such a device helps ensure that sensitive data remains adequately protected.
141
A small business plans to open an e-commerce website and wants to ensure that the site is available even if there is an environmental disaster. Which of the following should they invest in? Choose TWO.
� A RAID system
� Cloud infrastructure
� Managed power distribution unit
� Offline backup
� Geographic Dispersion
� Uninterruptable Power Supply
Geographic Dispersion
Cloud Infrastructure
142
A multinational organization is suffering latency with the VPN concentrator while it is establishing secure sessions. They are looking for a cloud-based solution that will improve performance and flexibility with traditional VPN solutions. Which of the following should be implemented?
� SD-WAN
� SASE
� Site to site VPN
� Load Balancer
Secure Access Service Edge (SASE) is a cloud-native security architecture that combines network security functions with WAN capabilities to provide improved performance and flexibility for remote users and branch offices, making it an ideal solution for the organization.
143
The CISO has attended an important cybersecurity conference and, upon their return, enters the server room. What activity is the CISO most likely carrying out?
� Insider threat
� Active reconnaissance
� Threat hunting
� Passive reconnaissance
Threat Hunting - The CISO entering the server room could be interpreted as conducting a form of threat hunting, such as inspecting server configurations or checking for signs of compromise.
144
Delete
Delete
145
A cybersecurity analyst needs to privately access portions of the network remotely without using a VPN. Other traffic must not be mixed with his connection. Which of the following will they use?
� Remote Desktop Protocol
� Telnet
� Jump Server
� Reverse Proxy
Jump Server - A server that allows remote access to specific portions of a network while ensuring isolation of traffic for the user accessing it. RDP does not prevent other traffic on the connection.
146
Which of the following describes the process of a user installing an .apk file on their Android smartphone?
� Rooting
� Jailbreaking
� Sideloading
� Containers
Sideloading - .apk (android application packages)- this what the actual process is called
Both these are opening them to install other files
Jailbreakikng - specific to IOS.
Rooting - android
147
A company is opening a new remote site in a region that is prone to flooding. Which of the following should they implement to increase availability and reduce downtime?
� Geographical Dispersal
� Clustered file servers
� Storage Area Network
� Cold Site
Geographic Dispersal
148
The incident response team wants to prevent an internal network attack from an attacker using the IP address 131.107.2.1. Which of the following firewall rules should they set up?
� access-list inbound deny ip source 0.0.0.0/0 destination 131.107.2.1/32
� access-list inbound permit ip source 131.107.2.1/32 destination 0.0.0.0/0
� access-list inbound deny ip source 131.107.2.1 /32 destination 0.0.0.0/0
� access-list inbound permit ip source 0.0.0.0/0 destination 131.107.2.1/32
Access-list inbound deny ip source 131.107.2.1 /32 destination 0.0.0.0/0
This rule denies all traffic originating FROM the IP address 131.107.2.1 TO any destination, effectively preventing the attacker from accessing the internal network.
149
A company has an SLA for its printers that guarantees 99.9% uptime. Their support company notifies the IT manager that they will require the printers to be taken offline for four hours over the weekend in order to apply a maintenance patch.. This will not affect the 99.9% uptime, and the preplanned activity is communicated to users. What is the support company requesting?
� Maintenance Window
� Recovery Point Objective
� Scheduled Downtime
� An exception to the SLA
Scheduled downtime refers to a planned period during which a system or service is offline for maintenance or updates. It is communicated to users, as in the question and it does not count towards the uptime percentage guaranteed by the SLA. Option A is incorrect.
150
During an annual security awareness training program, a trainer encounters a suspicious email containing a hyperlink. The trainer advises the delegates on the appropriate action to take. What does the trainer advise the delegates to do first?
� Verify the identity of the sender
� Check the number of recipients
� Hover the mouse over the hyperlink
� Delete the email
Hover the mouse over the Hyperlink - Hovering the mouse over the hyperlink lets you preview the destination URL without clicking on it. This can help determine whether the link is legitimate or malicious, providing valuable information for further action without risking attack activation.
this should be checked before verifing the ID of the sender.
151
What is a common outcome of implementing lessons learned in project management?
� Increased project efficiency and effectiveness
� Decreased team morale
� No significant impact on project outcomes
� Higher budget allocation for future projects
Increased project efficiency and effectiveness
152
Which of the following is a risk mitigation strategy?
� Purchasing car insurance
� Outsourcing your IT
� Implementing a technical control
� Taking no action
Implementing a technical control - the others are Risk Transferance, taking no action is Risk Acceptance.
153
Which of the following Microsoft servers is capable of providing Authentication, Authorization, and Accounting (AAA) services? (Select TWO.)
� TACACS+
� DIAMETER
� Domain controller
� RADIUS
DIAMTER
RADIUS -
TACACS+ is not a microsoft server, it's a protocol primarily used for nework device authentication.
154
A network engineer installed a new wireless network for a customer. Following this installation, though, customers complained that they did not have full coverage. Which of the following should the network engineer use before and after installation to confirm that there is full coverage of the wireless network? (Select TWO.)
� Network diagram
� A site survey
� Wireshark
� NMAP
� A heat map
A Site Survey and Heat Map
155
Why should you change the local administrator account credentials on a new device before installing it on the network?
� To enable least privilege
� To allow Privileged Access Management
� To allow remote access
� To change the default credentials
To Change the default credentials.
156
In the context of certificate validity verification in web security, which protocol or mechanism provides real-time validation of the certificate's status?
� HTTPS
� TLS
� CRL
� OCSP
OCSP - Online Certificate Status Protocol - provides real-time validation of a certificate's status by querying a certificate authority's server to determine whether the certificate is valid. CRL is used to verify but does not provide real-time validation.
157
A company operates an e-commerce website and recently experienced a five-hour power outage, during which no sales could be completed. To prevent such incidents in the future, which of the following measures should the company implement?
� Install a warm site
� Install a hot site
� Install a cold site
� Install a power distribution unit
Install a Hot Site.
158
Your company is in the process of international relocation. Which of the following requires meticulous attention to ensure smooth operations and continuity? Select the BEST choice.
� Navigating local customs clearance procedures
� Negotiating favorable lease agreements for office space
� Adhering to international shipping regulations
� Understanding the intricacies of foreign corporate tax laws
Understanding the intricacies of foreign corporate tax laws.
159
A user receives an email stating that they have won an air fryer and need to fill in their details in the hyperlink provided so that it can be delivered. The user decides to ignore the email, but two days later, they get the same message by text, which they delete. What TWO types of attacks have been attempted? (Select TWO)
� Whaling
� Vishing
� Phishing
� Smishing
Phishing and Smishing
160
A bank teller logged in to a customer's account and stole $10,000. Based on this information, what type of attacker is the bank teller?
� Organized crime
� Hacktivist
� Insider threat
� Competitor
Insider Threat
161
Which of the following threat actors may seek to disrupt another country's affairs (such as elections) and possess significant wealth and resources?
� A nation-state
� A hacktivist
� A script kiddie
� Organized crime
A Nation-State.
162
Which of the following options provides details of all the risks a company encounters, including their ownership and response?
� Risk acceptance
� Risk transference
� Risk register
� Inherent risk
Risk Register
163
Which of the following threat actors is MOST LIKELY to sell you ransomware tools on the dark web?
� Shadow IT
� Organized crime
� Hacktivist
� Unskilled attacker
Organized Crime
164
Which of the following best describes the purple team in a training simulation?
� Offensive
� Offensive and defensive
� Adjudicator
� Adjudicator and offensive
Offensive and defensive
165
A new mobile salesperson has been issued a laptop, tablet, and iOS smartphone. They have been asked to sign an Acceptable Use Policy (AUP) for the smartphone. Which of the following does the AUP prevent?
� Data exfiltration
� Downloading counterfeit apps
� Rooting
� Jailbreaking
Jailbreaking (Rooting is only android)
166
What should a network administrator do first if they are planning to install a new network device and adjust the firewall rules to open ports for the new device to function correctly?
� Back up data
� Create new standard operating procedures
� Adopt change management procedures
� Change the default password on the new device
Adopt change management procedures
167
Which of the following uses cryptography to ensure that data being stored cannot be accessed?
� Obfuscation
� Encryption
� Hashing
� Proof of work
Encryption
168
Which of the following can be used to manipulate a query to access data?
� A buffer overflow
� An XML injection
� A SQL injection
� An integer overflow
A SQL injection involves inserting malicious SQL code, or queries, into input fields of a web application, exploiting vulnerabilities to manipulate or retrieve data from a database. It is a common attack vector in web security and can lead to severe data breaches if not properly mitigated.
169
Which of the following is MOST LIKELY measured in metrics?
� SLA
� MSA
� SOW
� BPA
SLA - Service License Agreement - Typically involve measurable service levels, such as response times, uptime percentages, and resolution times, making them well-suited for measurement in metrics.
170
In the SDLC, which stages involve developers merging their code? (Select TWO.)
� Requirements gathering
� System testing
� Deployment
� Continuous integration
Deployment and Continuous Integration
171
What is the final phase of the incident report cycle that generates a report known in the US military as an "after-action" report?
� Recovery
� Lessons learned
� Staging
� Root cause analysis
Lessons Learned
172
A network administrator wants to ensure secure access to the screened subnet in order to administer two Linux servers. Which of the following should they implement?
� SMB
� Jump server
� RDP
� Telnet
Jump Server (aka Bastion Host)
173
Which of the following would be needed before a CISO could perform an overall vulnerability risk assessment for the company? Select TWO.
� List of all asset owners
� List of all hardware
� List of all software
� List of all licenses
Hardware and Software Lists
174
Which of the following would a coding expert do to check that already live code is fit for purpose?
� Static analysis
� Regression testing
� Staging
� Manual code analysis
Regression testing involves retesting the code to ensure that changes or updates have not introduced new bugs or errors and that the software still meets its requirements
175
Which of the following will be performed in the preparation phase of incident response? Select TWO.
� Defining team members roles and responsibilities
� Quarantine a virus
� Writing incident response policies and procedures
� Geographical dispersal of data
Writing incident response policies and procedures
Defining team members roles and responsibilities
176
Which of the following is the most important factor to consider before updating data privacy policies?
� The location
� Cost
� An employee's skill set
� The operating system
The location - Different regions or countries may have varying laws and regulations regarding data privacy.
177
An IT recruitment agency needs each of its contractors to fill in an electronic timesheet weekly in order to be paid. Which of the following is the major critical factor for the website hosting the web application?
� Authentication method
� Availability
� Transference
� Ease of use
Availability
178
How can you confirm the integrity of files that you download from the internet? Select the BEST option:
� By checking the salt before and after the download
� By encrypting the data being downloaded
� By checking the hash before and after the download
� By checking the metadata
By comparing the hash before and after downloading, you can verify whether the file has been altered during transmission. If the hashes match, it is highly likely that the file has not been tampered with.
179
A salesperson�s corporate laptop had been compromised, and it is suspected that encrypted malware has been installed. Which log files should the cybersecurity analyst search first?
� IPS
� System
� Network
� Endpoint
Endpoint logs, such as those generated by Endpoint Protection Platforms (EPPs) or Endpoint Detection and Response (EDR) solutions, are the most relevant for investigating suspicious activities on a compromised laptop.
180
A junior administrator was tasked with the creation of user accounts in Active Directory. However, this administrator has made several mistakes, putting many users in the wrong groups. Which of the following can be implemented to reduce the error rate?
� Least privilege
� Script for provisioning user accounts
� Script for deprovisioning user accounts
� Group Policy Object
Script for provisioning user accounts.
181
When should change management procedures be rigorously followed within an organization? Select the BEST answer
� Implementing a new company-wide email system
� Conducting routine software updates on employee computers
� Making changes to the firewall configuration
� Reorganizing office seating arrangements
Making changes to the firewall configuration.
182
What type of network is protected by Network Access Control (NAC)?
� Wireless
� Federation
� Ethernet
� Bluetooth
Ethernet
183
In the context of cybersecurity, what is the primary purpose of conducting due diligence?
� To perform hands-on testing of network security protocols
� To ensure that all security measures comply with regulatory standards
� To thoroughly investigate and understand the security practices of a potential business partner before forming a contractual relationship
� To update software and hardware components across an organization's network
To thoroughly investigate and understand the security practices of a potential business partner before forming a contractual relationship. This process ensures that the partner adheres to acceptable security standards and practices and thereby reduces the risks associated with data breaches and compliance issues when entering into contractual relationships.
184
Which of the following decides the contribution of each party, including who will make final decisions?
� SLA
� MSA
� SOW
� BPA
BPA - Business Partnership Agreement.
outlines the terms and conditions of a business relationship between parties, including their respective contributions and who makes each type of decision.
185
While setting up an e-commerce website for a small company, a network administrator opts to establish a web array accessed through a load balancer. What is the primary purpose of utilizing the load balancer?
� To increase website reliability and availability by distributing incoming traffic across multiple identical web servers
� To reduce the cost of hardware by centralizing server management
� To enhance website security
� To improve website performance by caching frequently accessed content
To increase website reliability and availability by distributing incoming traffic across multiple identical web servers
186
An attacker gained access through the perimeter firewall to a server in the screened subnet and, from there, entered the local area network. Which of the following is a centralized system that can correlate and track this intrusion?
� SOAR
� IPS
� SIEM
� IDS
(SIEM) Security Information and Event Management is a centralized system that can correlate and track intrusions across network boundaries.
187
A military unit needs to store its classified data on a separate network from its unclassified data. Which of the following should they use so that only restricted access is allowed on the network that has the classified data?
� VLAN
� Containment
� Eradication
� Segmentation
Segmentation - Involves the isolation of vulnerable devices from the rest of the network to limit their ability to communicate with other devices and reduce the potential impact of the security vulnerability.
188
A system administrator is replacing the hard drive in a file server, a task that takes two hours to complete. Which of the following metrics quantifies this two-hour duration?
� MTBF
� RPO
� MTTR
� RTO
MTTR - Mean Time To Repair
189
An auditor has been tasked with discovering the cause of an IT security incident. Which of the following must they review first?
� Log files
� Lessons learned
� Root cause analysis
� Reporting phase
Root Cause Analysis
Involves investigating the underlying cause or causes of an incident to understand how it originated and identify measures to prevent similar incidents from occurring in the future.
190
A security administrator notices the following security log file entries:
23.00 jscott Login: Failed Password: changeme
23.01 rbear Login: Failed Password: changeme
23.02 fflinstone Login: Failed Password changeme
23.03 Ineil Login: Failed Password: changeme
23.04 fdeeks Login: Failed Password: changeme
What type of attack is this?
� Dictionary
� Brute force
� Pass-the-hash
� Password spraying
Password Spraying
This log pattern, where multiple usernames are attempted with the same password, is an indication of password spraying
191
What specific technique will a developer use to ensure that they can confirm that a piece of code is authentic?
� Hashing
� Digital signature
� Code signing
� Non-repudiation
Code Signing
192
For which of the following reasons does a company adopt an asset register that has an asset tag and an owner against each device? Select TWO.
� To ensure that if a device is involved in an incident, the owner can be contacted
� To verify whether an asset is up to date with patches
� To retrieve company data from devices when an employee leaves the company
� To target devices more effectively during a phishing campaign
To ensure that if a device is involved in an incident, the owner can be contacted.
To retrieve company data from devices when an employee leaves the company.
193
A system administrator is hardening a Windows-based server to enhance its security. Which security feature should they use to obtain real-time monitoring and protection against potentially unwanted programs?
� Windows Defender Antivirus
� Microsoft Intune
� Windows Security Baselines
� Windows Update
Windows Defender Antivirus provides real-time monitoring and protection against potentially unwanted programs; it blocks them and prevents downloads of any such programs as well.
194
What factor is the most important in assessing the effectiveness of a bug bounty program?
� The number of reported bugs
� The severity of the reported vulnerabilities
� The time taken to patch reported bugs
� The satisfaction level of participating security researchers
The severity of the reported vulnerabilities
195
As a company downsizes its premises in the aftermath of COVID, the server room becomes significantly smaller, necessitating a reduction in the number of servers. Which of the following technologies is best suited to help achieve this goal?
� Virtualization
� VLANs
� Segmentation
� Containers
Virtualization allows for the creation of virtual instances of servers, many of which can run on a single physical server. This consolidation reduces the overall number of physical servers required, making it the most suitable technology to optimize space in the smaller server room.
none of the other options reduce the number of phsyical servers.
196
Which of the following can be used to prioritize the impact of a vulnerability?
� CVSS
� CVE
� MITRE ATT&CK
� National Vulnerability Database
CVSS provides a standardized method for assessing and prioritizing the severity of vulnerabilities, setting a score of 9 or 10 for critical and 0.1 to 3.9 for low.
Cve doesn't prioritize them
197
In a complex manufacturing process, a high-tech company relies on multiple third parties for components used in their flagship product. Despite stringent quality control measures at the manufacturer's end, a critical component received from a third-party provider is found to be defective, leading to delays and significant financial losses. What term BEST describes this situation?
� Supply chain disruption
� Vendor negligence
� Quality assurance lapse
� Component failure
Supply Chain Distruption
198
An IT administrator has been tasked with weeding out a massive data archive. However, some of the data cannot be deleted. What is the reason for this?
� Retention
� Encryption
� Permissions
� Hashing
Retention
199
A company uses a legacy card payment system to process all of its credit card transactions. There are no updates for the legacy card payment system. What can the company do to secure the card payment system against potential attacks?
� Patching
� Encryption
� A VLAN
� A jump server
VLAN - Virtual Local Area Network can help segregate and secure the legacy payment system from other parts of the network and reduce the risk of attacks.
200
What is the primary objective of conducting an offensive penetration test on a company's network?
� To assess the physical security of the company's facilities
� To conduct a comprehensive audit of the company's compliance with data protection laws
� To simulate a cyberattack to identify and exploit vulnerabilities in the network's defenses
� To review and update the company's disaster recovery plan
To simulate a cyberattack and ID and exploit vulnerabilities in the network's defenses.
201
Which of the following would most likely use data called intellectual property? (Select the BEST answer.)
� A government department
� A college
� A change advisory board
� A research and development unit
An R&D unit.
202
A cybersecurity administrator finds a USB drive in the reception area of the company. Which of the following tools should they use first?
� Regression testing
� Manual inspection
� Hashing
� Sandbox
Sandboxing is a security mechanism that isolates applications from the rest of the system to prevent them from causing harm.
203
What is the primary goal of conducting passive reconnaissance in the context of a cybersecurity assessment?
� To directly interact with the target's systems to elicit responses and gather information
� To collect data about the target through indirect methods without alerting the target
� To implement firewall and antivirus systems on the target network
� To perform physical security checks on the target's infrastructure
To collect data about the target through indirect methods without alerting the target.
204
Ten of the booths used by a museum to host videos have become legacy booths as the manufacturer has gone out of business. Which of the following is the MAIN security concern?
� Exfiltration of data
� Patch availability
� Location of the booths
� CCTV to monitor the booths
Patch availability
No further updates or patches will be released for the legacy booths, meaning that these machines will remain vulnerable to security exploits and threats.
205
Which of the following is a potential indication of a business email compromise attack? Choose the BEST option.
� Receiving an email from a supply chain provider
� Receiving an email with a link to a company website
� Receiving an email that has a free gift using an executives name in the From field
� Receiving an email from HR telling you to fill in a form
Receiving an email that has a free gift using an executives name in the From field
206
Which of the following controls can a CCTV system provide? (Select TWO.)
� Detective
� Physical
� Preventative
� Deterrent
Detective and Preventative
207
A contractor won a contract to collect the burn bags from a military base. When the contractor collects their first load of burn bags, what should they issue the military unit with?
� A collection receipt
� A destruction certificate
� A sanitization certificate
� An inventory of the bags collected
A destruction Certificate
208
A systems administrator has been tasked with the protection of data residing on the CEOs laptop. Which of the following should they use to encrypt this data?
� File-level encryption
� Full disk encryption
� Homomorphic encryption
� Partition encryption
FDE - Full Disk Encryption
209
In software development, what term describes the situation when an application fails to start due to missing components it relies on?
� Component insufficiency
� Dependency failure
� Application hindrance
� System blackout
Dependency failure
210
Which of the following is the MOST CRITICAL when planning security awareness training for existing employees? Select TWO.
� Situational awareness training
� Frequency and duration
� Social awareness exposure
� Feedback
Situational Awareness Training
Frequency and Duration
211
The customer service team has just had a new system installed. Only the customer services manager will have administrative rights over the new system. Which of the following has been implemented?
� Separation of duties
� Least privilege
� Attribute-based access control
� Rule-based access control
Least Privilege
212
In an organization's security awareness training program, what aspect is emphasized as the MOST CRITICAL for preventing cyber threats?
� Implementing multi-factor authentication for all accounts
� Conducting regular vulnerability assessments
� Reporting suspicious activities and potential security threats
� Implementing strict firewall rules
Reporting Suspicious Activities and Potential Security Threats - MOST important
213
What is the primary purpose of DomainKeys Identified Mail (DKIM) in email security?
� To encrypt email messages for secure transmission.
� To verify the sender's identity and integrity of email messages.
� To filter spam emails based on sender reputation.
� To block attachments in emails for security reasons.
To verify the sender's identity and integrity of email messages.
214
An administrator has been tasked with creating customized reports for a new application. In which of the following phases of the software development life cycle (SDLC) are they operating?
� Development
� Staging
� Production
� Testing
Staging phase in the SDLC is where software is tested in an environment that closely mimics the production environment but is not live. Creating customized reports at this stage allows the administrator to validate data and functionalities before they are moved to the production phase.
215
What is the primary purpose of the "Right to be forgotten" clause in data protection regulations?
� To allow individuals to request the deletion of their personal data from a company's records when it is no longer necessary or relevant
� To ensure that data is encrypted and secure from unauthorized access
� To mandate regular audits of data handling practices
� To require companies to keep personal data indefinitely for historical and research purposes
To allow individuals to request the deletion of their personal data from a company's records when it is no longer necessary or relevant.
216
An engineer is called out to investigate a suspected malware attack at a company's headquarters. Upon inspection, the engineer discovers that there is no malware. What type of incident does this describe?
� False negative
� False positive
� True positive
� Lack of updates on the server
False Positive
217
During a change management process, implemented changes did not achieve the expected outcomes. What should be done next?
� Implement a roll-back plan
� Take a snapshot
� Engage in parallel processing
� Implement a back-out plan
A back-out plan outlines the steps to revert the changes and restore the system to its previous state if the changes do not produce the expected results.
218
The external auditors at a large hospital have discovered that a doctor has been carrying out illegal drug trials using hospital patients. The auditor informed hospital management, who need to collect more information before they are able to take any action. What should the hospital security team do first?
� Take an image of the doctors laptop
� Place the doctors mailbox on legal hold
� Suspend the doctor without pay
� Notify the regulators
Placing the doctors mailbox on legal hold preserves electronic evidence by ensuring that any emails or communications cannot be deleted during the investigation.
219
An engineer is installing three security cameras for a customer. Which of the following actions should take priority? (Select TWO.)
� Hand the customer the cameras warranty
� Run a vulnerability scan
� Change the default password
� Clean the cameras lenses
Run a vulnerability scan
Change the default password
220
Why might a cybersecurity analyst audit the devices that are listed in their asset register? (Select the BEST answer.)
� To ensure compliance with industry standards and regulations
� To identify potential vulnerabilities and weaknesses in the system
� To ensure that the devices can be located
� To monitor network traffic and detect any suspicious activities
To Identify potential vulnerabilites and weknesses in the system.
221
A network administrator wants to set up a load balancer to control traffic going to their web array. Which of the following do they need to implement to accomplish this?
� Identical hosts
� Encrypted hosts
� Parallel processing
� Dual network cards
Identical Hosts
222
Function of an SSH Key
These provide a secure and password-less way for remote access to a Linux server. Uses public and private key.
