Set 4

Uploaded by

Iqbal Mazlan
Copyright
© All Rights Reserved

Set 3

Question: 91

An organization wants a third-party vendor to do a penetration test that targets a specific
device. The organization has provided basic information about the device. Which of the
following best describes this kind of penetration test?

A. Partially known environment
B. Unknown environment
C. Integrated
D. Known environment

Question: 92

An attacker posing as the Chief Executive Officer calls an employee and instructs the
employee to buy gift cards. Which of the following techniques is the attacker using?

A. Smishing
B. Disinformation
C. Impersonating
D. Whaling

Question: 93

An analyst is evaluating the implementation of Zero Trust principles within the data plane.
Which of the following would be most relevant for the analyst to evaluate?

A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction

Question: 94

An organization is leveraging a VPN between its headquarters and a branch location. Which
of the following is the VPN protecting?

A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty

Question: 95

The marketing department set up its own project management software without telling the
appropriate departments. Which of the following describes this scenario?

A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption

Question: 96

An enterprise is trying to limit outbound DNS traffic originating from its internal network.
Outbound DNS requests will only be allowed from one device with the IP address
10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Question: 97

After a security incident, a systems administrator asks the company to buy a NAC platform.
Which of the following attack surfaces is the systems administrator trying to protect?

A. Bluetooth
B. Wired
C. NFC
D. SCADA

Question: 98

Which of the following factors are the most important to address when formulating a training
curriculum plan for a security awareness program? (Select two).

A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations

Question: 99

An organization disabled unneeded services and placed a firewall in front of a
business-critical legacy system. Which of the following best describes the actions taken by the
organization?

A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls

Question: 100

Which of the following is the best reason to complete an audit in a banking environment?

A. Regulatory requirement
B. Organizational change
C. Self-assessment requirement
D. Service-level requirement

Question: 101

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive
customer data. Which of the following should the administrator do first?

A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.

Question: 102

Which of the following describes a security alerting and monitoring tool that collects system,
application, and network logs from multiple sources in a centralized system?

A. SIEM
B. DLP
C. IDS
D. SNMP

Question: 103

Which of the following are cases in which an engineer should recommend the
decommissioning of a network device? (Select two).

A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device's encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.

Question: 104

An administrator assists the legal and compliance team with ensuring information about
customer transactions is archived for the proper time period. Which of the following data
policies is the administrator carrying out?

A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory

Question: 105

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA

Question: 106

A security administrator needs a method to secure data in an environment that includes
some form of checks so that the administrator can track any changes. Which of the following
should the administrator set up to achieve this goal?

A. SPF
B. GPO
C. NAC
D. FIM

Question: 107

Which of the following is the phase in the incident response process when a security analyst
reviews roles and responsibilities?

A. Preparation
B. Recovery
C. Lessons learned
D. Analysis

Question: 108

A company is discarding a classified storage array and hires an outside vendor to complete
the disposal. Which of the following should the company request from the vendor?

A. Certification
B. Inventory list
C. Classification
D. Proof of ownership

Question: 109

Which of the following would be the best ways to ensure only authorized personnel can
access a secure facility? (Select two).

A. Fencing
B. Video surveillance
C. Badge access
D. Access control vestibule
E. Sign-in sheet
F. Sensor

Question: 110

A company's marketing department collects, modifies, and stores sensitive customer data.
The infrastructure team is responsible for securing the data while in transit and at rest.
Which of the following data roles describes the customer?

A. Processor
B. Custodian
C. Subject
D. Owner

Question: 111

Malware spread across a company's network after an employee visited a compromised
industry blog. Which of the following best describes this type of attack?

A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing

Question: 112

After a recent ransomware attack on a company's system, an administrator reviewed the log
files. Which of the following control types did the administrator use?

A. Compensating
B. Detective
C. Preventive
D. Corrective

Question: 113

Which of the following agreement types defines the time frame in which a vendor needs to
respond?

A. SOW
B. SLA
C. MOA
D. MOU

Question: 114

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks
and allow for comprehensive investigations if an attack occurs. The company uses SSL
decryption to allow traffic monitoring. Which of the following strategies would best
accomplish this goal?

A. Logging all NetFlow traffic into a SIEM
B. Deploying network traffic sensors on the same subnet as the servers
C. Logging endpoint and OS-specific security logs
D. Enabling full packet capture for traffic entering and exiting the servers

Question: 115

A client demands at least 99.99% uptime from a service provider's hosted security services.
Which of the following documents includes the information the service provider should return
to the client?

A. MOA
B. SOW
C. MOU
D. SLA

Question: 116

A company is adding a clause to its AUP that states employees are not allowed to modify the
operating system on mobile devices. Which of the following vulnerabilities is the organization
addressing?

A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading

Question: 117

Which of the following practices would be best to prevent an insider from introducing
malicious code into a company's development process?

A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval

Question: 118

A systems administrator is creating a script that would save time and prevent human error
when performing account creation for a large number of end users. Which of the following
would be a good use case for this task?

A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement

Question: 119

After an audit, an administrator discovers all users have access to confidential data on a file
server. Which of the following should the administrator use to restrict access to the data
quickly?

A. Group Policy
B. Content filtering
C. Data loss prevention
D. Access control lists

Question: 120

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the
increase of ransomware-as-a-service in a report to the management team. Which of the
following best describes the threat actor in the CISO's report?

A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime
