EMT Practice Test

1. Question Content...


Question List

Question1: An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Question2: An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Question3: A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?

Question4: Which of the following penetration testing teams is focused only on trying to compromise an organization using an attacker's tactics?

Question5: A security administrator notices numerous unused, non-compliant desktops are connected to the network. Which of the following actions would the administrator most likely recommend to the management team?

Question6: A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Question7: Which of the following data roles is responsible for identifying risks and appropriate access to data?

Question8: An organization wants a third-party vendor to do a penetration test that targets a specific device.
The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Question9: A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?

Question10: An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

Question11: Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Question12: Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

Question13: A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

Question14: A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations.
Which of the following is the best type of site for this company?

Question15: Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

Question16: An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Question17: A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:
(Error 13): /etc/shadow: Permission denied.
Which of the following best describes the type of tool that is being used?

Question18: A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Question19: A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Question20: In which of the following scenarios is tokenization the best privacy technique 10 use?

Question21: An external vendor recently visited a company's headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server.
The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Question22: A security analyst received a tip that sensitive proprietary information was leaked to the public.
The analyst is reviewing the PCAP and notices traffic between an internal server and an external host that includes the following:
...
12:47:22.327233 PPPoE [ses 0x8122] IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto IPv6 (41), length 331) 10.5.1.1 > 52.165.16.154: IP6 (hlim E3, next-header TCP (6) paylcad length: 271)
2001:67c:2158:a019::ace.53104 >
2001:0:5ef5:79fd:380c:dddd:a601:24fa.13788: Flags [P.], cksum 0xd7ee
(correct), seq 97:348, ack 102, win 16444, length 251
...
Which of the following was most likely used to exfiltrate the data?

Question23: A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Question24: Which of the following alert types is the most likely to be ignored over time?

Question25: A security analyst recently read a report about a flaw in several of the organization's printer models that causes credentials to be sent over the network in cleartext, regardless of the encryption settings. Which of the following would be best to use to validate this finding?

Question26: During an annual review of the system design, an engineer identified a few issues with the currently released design. Which of the following should be performed next according to best practices?

Question27: A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Question28: A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Question29: A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?

Question30: A company's online shopping website became unusable shortly after midnight on January 30,
2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

Which of the following should the analyst do next?

Question31: A newly identified network access vulnerability has been found in the OS of legacy IoT devices.
Which of the following would best mitigate this vulnerability quickly?

Question32: An organization's internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

Question33: An organization completed a project to deploy SSO across all business applications last year.
Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?

Question34: An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker's bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following:
PS>.\mimikatz.exe "sekurlsa::pth /user:localadmin /domain:corp-
domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327
Which of the following best describes how the attacker gained access to the hardened PC?

Question35: An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Question36: A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Question37: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Question38: Which of the following is used to conceal credit card information in a database log file?

Question39: Which of the following is best to use when determining the severity of a vulnerability?

Question40: Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?

Question41: Which of the following agreement types is used to limit external discussions?

Question42: A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

Question43: Which of the following scenarios describes a possible business email compromise attack?

Question44: Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

Question45: A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Question46: Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

Question47: A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?

Question48: A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Question49: A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Question50: A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system. Which of the following practices should the development team implement?

Question51: A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

Question52: The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?

Question53: Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

Question54: An organization wants to ensure the integrity of compiled binaries in the production environment.
Which of the following security measures would best support this objective?

Question55: A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:
- Allow employees to work remotely or from assigned offices around the
world.
- Provide a seamless login experience.
- Limit the amount of equipment required.
Which of the following best meets these conditions?

Question56: A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Question57: A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on- premises IT infrastructure. Which of the following would best secure the organization?

Question58: Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Question59: A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?

Question60: An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Question61: A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment.
The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

Question62: An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Question63: Which of the following data roles is responsible for identifying risks and appropriate access to data?

Question64: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Question65: A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?

Question66: The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources.
Which of the following should the CISO present to the board as the direct consequence of non- compliance?

Question67: During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Question68: A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

Question69: Which of the following would be the most appropriate way to protect data in transit?

Question70: The executive management team is mandating the company develop a disaster recovery plan.
The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

Question71: A security operations center determines that the malicious activity detected on a server is normal.
Which of the following activities describes the act of ignoring detected activity in the future?

Question72: An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible.
Which of the following models offers the highest level of security?

Question73: While investigating a possible incident, a security analyst discovers the following log entries:
67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q-wireless%20headphones / HTTP/1.0" 200 12737
132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935
12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I HTTP/1.0" 200 14650 Which of the following should the analyst do first?

Question74: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?

Question75: Which of the following best describes the risk present after controls and mitigating factors have been applied?

Question76: Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

Question77: An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Question78: A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Question79: Which of the following is a hardware-specific vulnerability?

Question80: A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

Question81: Which of the following describes effective change management procedures?

Question82: A company hired a security manager from outside the organization to lead security operations.
Which of the following actions should the security manager perform first in this new role?

Question83: A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Question84: A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

Question85: A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Question86: Which of the following enables the use of an input field to run commands that can view or manipulate data?

Question87: A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following will be the best method to achieve this objective?

Question88: After a recent ransomware attack on a company's system, an administrator reviewed the log files.
Which of the following control types did the administrator use?

Question89: Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

Question90: A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Question91: Which of the following can best protect against an employee inadvertently installing malware on a company system?

Question92: A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the
/etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Question93: A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Question94: Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Question95: An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

Question96: A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.
Which of the following is most likely occurring?

Question97: Which of the following topics would most likely be included within an organization's SDLC?

Question98: A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

Question99: An organization requests a third-party full-spectrum analysis of its supply chain. Which of the following would the analysis team use to meet this requirement?

Question100: An administrator is Investigating an incident and discovers several users' computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

Question101: Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

Question102: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Question103: A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:
- A starting baseline of 50% memory utilization
- Storage scalability
- Single circuit failure resilience
Which of the following best meets all of these requirements?

Question104: A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

Question105: Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Question106: Which of the following types of identification methods can be performed on a deployed application during runtime?

Question107: An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Question108: An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Question109: Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Question110: Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

Question111: A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Question112: Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

Question113: An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Question114: Hotspot Question
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question115: An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Question116: Which of the following provides the details about the terms of a test with a third-party penetration tester?

Question117: A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?

Question118: An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?

Question119: An organization would like to calculate the time needed to resolve a hardware issue with a server.
Which of the following risk management processes describes this example?

Question120: The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Question121: A security analyst is assessing several company firewalls. Which of the following cools would The analyst most likely use to generate custom packets to use during the assessment?

Question122: A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Question123: Which of the following control types is AUP an example of?

Question124: An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Question125: An employee in the accounting department receives an email containing a demand for payment tot services performed by a vendor However, the vendor is not in the vendor management database. Which of the following in this scenario an example of?

Question126: A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Question127: Which of the following is the first step to take when creating an anomaly detection process?

Question128: An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Question129: A company relies on open-source software libraries to build the software used by its customers.
Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?

Question130: Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Question131: A company's public-facing website, https://www.organization.com, has an IP address of
166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

Question132: A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training. Which of the following will the security officer most likely implement?

Question133: Which of the following would be best suited for constantly changing environments?

Question134: A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

Question135: A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Question136: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Question137: A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Question138: Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

Question139: A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Question140: Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

Question141: Which of the following involves an attempt to take advantage of database misconfigurations?

Question142: A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

Question143: Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Question144: A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Question145: A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?

Question146: A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Question147: Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?

Question148: A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Question149: Which of the following considerations is the most important regarding cryptography used in an IoT device?

Question150: An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:
- Must work across SaaS and internal network applications
- Must be device manufacturer agnostic
- Must have offline capabilities
Which of the following would be the most appropriate authentication method?

Question151: Which of the following teams is best suited to determine whether a company has systems that can be exploited by a potential, identified vulnerability?

Question152: A systems administrator is looking for a low-cost application-hosting solution that is cloud-based.
Which of the following meets these requirements?

Question153: Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?

Question154: Which of the following phases of an incident response involves generating reports?

Question155: A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulfil?

Question156: A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Question157: A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

Question158: A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

Question159: An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user.
Which of the following best describes the type of attack that occurred?

Question160: An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Question161: A security analyst is reviewing the logs on an organization's DNS server and notices the following unusual snippet:

Which of the following attack techniques was most likely used?

Question162: An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Question163: A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

Question164: A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Question165: The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

Question166: A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

Question167: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?

Question168: Which of the following would be the best way to handle a critical business application that is running on a legacy server?

Question169: Which of the following agreement types defines the time frame in which a vendor needs to respond?

Question170: An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Question171: A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

Question172: A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

Question173: The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal.
Which of the following would most likely be configured to meet the requirements?

Question174: Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

Question175: A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Question176: Which of the following is considered a preventive control?

Question177: A systems administrator notices that a testing system is down. While investigating, the systems administrator finds that the servers are online and accessible from any device on the server network. The administrator reviews the following information from the monitoring system:

Which of the following is the most likely cause of the outage?

Question178: A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

Question179: A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

Question180: A multinational bank hosts several servers in its data center. These servers run a business-critical application used by customers to access their account information. Which of the following should the bank use to ensure accessibility during peak usage times?

Question181: Which of the following is die most important security concern when using legacy systems to provide production service?

Question182: An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

Question183: Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Question184: A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Question185: Which of the following best describes a use case for a DNS sinkhole?

Question186: A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

Question187: A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?