QUESTION 61
A developer used their workstation to generate keys that are used to secure a mission-critical application. A security engineer needs to reduce the risk of unauthorized disclosure of keying material. Which of the following is the best way to increase the security of the process?
A. HSM
B. SED
C. FDE
D. TPM
Correct Answer: A
QUESTION 62
An organization has several systems deployed in a public cloud and wants to confirm that when data retention periods are reached, the data is properly disposed of. Which of the following best meets the organization’s needs?
A. Double encrypting the data using both asymmetric and symmetric keys managed by the cloud service provider
B. Utilizing a data-wiping software to overwrite the existing data
C. Encrypting the data with customer-managed keys and then deleting both the encryption key and the volume
D. Asking the cloud provider for copies of certificates of destruction
Correct Answer: C
QUESTION 63
An organization is increasing its focus on training that addresses new social engineering and phishing attacks. Which of the following is the organization most concerned about?
A. Meeting existing regulatory compliance
B. Overreliance on AI support bots
C. Generative AI tools increasing the quality of exploits
D. Differential analysis using AI models
Correct Answer: C
QUESTION 64
A multinational enterprise is planning to implement a centralized authentication solution across its global offices. The risk team identifies that some regional offices operate in areas with high latency and some data centers experience intermittent connectivity issues. The Chief information Officer requests a solution that minimizes authentication disruptions without compromising security. Which of the following is the best risk treatment strategy?
A. Implement a hybrid identity solution with local failover authentication.
B. Require that all users authenticate only during on-site visits to headquarters.
C. Accept the risk due to the low probability of simultaneous authentication failures.
D. Outsource authentication to a third-party cloud provider.
Correct Answer: A
QUESTION 65
An incident response analyst collects a malicious artifact and unsuccessfully performs reverse engineering. When the analyst executes the same file in a sandbox and collects primary memory content, they recover some readable content. Which of the following solutions would most likely provide better information about the malicious artifact?
A. Disassembling to check for obfuscation techniques
B. Extracting code only with the proper cryptographic key
C. Collecting primary memory content and analyzing existing strings
D. Decompiling the artifact and reviewing the content
Correct Answer: C
QUESTION 66
A software company is implementing a tool for logging and monitoring. The tool will be used to log dependent transactions. Which of the following should the company implement if transaction correlational dependency and integrity is of the highest importance?
A. Homomorphic encryption
B. Digital signatures
C. Serialization with hashing
D. Immutable database
Correct Answer: D
QUESTION 67
Following a security incident, a company decides to improve its device management. The company establishes the following requirements for the new process:
1. EOL devices must be properly replaced in a timely manner.
2. Accurate, detailed information about the devices must be available in a centralized repository.
Which of the following should the company do to meet these requirements? (Select two).
A. Configure agent-based vulnerability scanning tools.
B. Implement an asset management life cycle.
C. Switch to a BYOD policy.
D. Transition to a virtual desktop infrastructure.
E. Establish a quality assurance program.
F. Maintain a configuration management database.
Correct Answer: BF
QUESTION 68
An organization must provide access to its internal system data. The organization requires that this access complies with the following:
1. Access must be automated.
2. Data confidentiality must be preserved.
3. Access must be authenticated.
4. Data must be preprocessed before it is retrieved.
Which of the following actions should the organization take to meet these requirements?
A. Configure a reverse proxy to protect the data.
B. Implement an on-demand VPN connection.
C. Deploy an API gateway protected with access tokens.
D. Continually publish all relevant data to a CDN.
Correct Answer: C
QUESTION 69
ASOC engineer is designing a solution to automate a sequence of tasks in a timely manner with the least amount of effort. The following objectives must be met:
1. IOCs must be verified.
2. Malicious domains must be blocked on all firewalls and email gateways.
3. An email must be sent confirming the status of the operations.
Which of the following is the best way to achieve this goal?
A. Using APIs to perform queries over the IOC
B. Using a TAXII server to share STIX files
C. Running SCAP to configure the baseline
D. Deploying and executing playbooks
Correct Answer: D
QUESTION 70
A security analyst performs a trend analysis and notices an increase in sensitive information being exchanged via email. Some impersonation attacks targeting company executives have also occurred. The company wants to provide a secure way for users to send emails and help them easily identify real emails from executives. Which of following is the most suitable solution?
A. Implement S/MIME certificates and display a certificate icon to validate the sender’s identity.
B. Implement an email protection solution and standardize the email’s signature.
C. Implement pretty good privacy (PGP) to encrypt emails and simulate phishing emails.
D. Implement a DLP solution and a security awareness training program.
Correct Answer: A
QUESTION 71
A security consultant recommends that a solution be deployed to increase awareness of APTs throughout the IT and OT environments. The consultant’s requirements state that the solution must:
1. Be capable of collecting data from both OT and IT protocols.
2. Operate within new microsegmented and air-gapped network architecture.
3. Provide both correlation of events and retention of raw log data and incidents.
4. Integrate with the ITSM platform and employee paging system.
Which of the following solutions best meets these requirements?
A. SASE deployment with an Always On VPN
B. A next-generation firewall with intrusion prevention services
C. A vulnerability scanner with agentless scanning
D. SIEM with remote collectors
Correct Answer: C
QUESTION 72
A company recently acquired a manufacturing plant. The acquiring company plans to create a unified network that does not impact its security posture. The manufacturing plant has been in operation for more than 30 years and has not followed an equipment replacement life cycle. Which of the following is the best way to meet this objective?
A. Implementing a WAF and patching the legacy IT equipment
B. Extending an SD-WAN with specific policies
C. Using a site-to-site VPN and integrating the manufacturing plant into the SIEM
D. Deploying a proxy server at the manufacturing plant
Correct Answer: B
QUESTION 73
A security architect wants to integrate a new data source for its SoC team that meets the following requirements:
1. Incident escalation should include specific data points.
2. Clear remediation actions should be included for the incident response team.
3. Timeliness and accuracy are the most important factors.
Which of the following is the best way to meet the architect’s objective?
A. Known-exploit vulnerability database
B. Review incident escalation playbook
C. Validation of incident scoring
D. Industry threat feeds from the ISAC
Correct Answer: A
QUESTION 74
Which of the following explains why an organization should carefully consider whether to use AI to automate processes that interact with healthcare data?
A. The model may be susceptible to Al pipeline injections.
B. The model may be susceptible to information disclosure.
C. The model may be susceptible to social engineering.
D. The model may be susceptible to model inversion.
Correct Answer: B
QUESTION 75
A security engineer is reviewing a security incident in which an employee account was compromised.
Username: employee1
Password: Thi5i5aPaSSw0rd
Last logon: 2025-04-08 19:23:56uTC ASN-Unknown Location
Previous logon: 2025-04-08 19:21:560TC ASN-Locationl
Password last modification date: 2025-03-07 09:08 :08UTC
MEA status: enabled
Which of the following is the best way to reduce the probability of a future compromise?
A. Using a different third-party MFA vendor
B. Configuring password complexity to include special characters
C. Implementing conditional access across the organization
D. Increasing the rotation rate of account credentials
Correct Answer: C
QUESTION 76
A security analyst must design a system infrastructure that aligns to industry best practices and established frameworks. Which of the following should the analyst do first?
A. Establish a centralized logging tier.
B. Assign data labeling and data classification models.
C. Implement a vulnerability management program.
D. Perform a gap assessment of the security controls.
Correct Answer: D
QUESTION 77
A company’s phishing awareness training, which includes random phishing campaigns, has not significantly reduced the number of employees who continue to click on phishing links. Which of the following is the most practical method to prevent reoccurrences?
A. Publishing a list of known domain names that have been used Iin phishing attempts
B. Developing internal procedures for employee review to address what happens if a phishing attempt is successful
C. Sending monthly reports to the management team that highlight employees who repeatedly fall the exercise
D. Revoking network access to any employee who interacts with a malicious link
Correct Answer: B
QUESTION 78
A security team must design a solution to prevent data loss if a removable SSD is lost or stolen. The removable media policy requires the following:
1. Only a few users can access these drives.
2. The software baselines must remain unchanged.
3. The solution must be OS-neutral.
Which of the following encryption techniques allows the team to meet the policy requirements?
A. BitLocker
B. File-level
C. LUKS
D. Hardware
Correct Answer: B
QUESTION 79
Consultants for a company learn that customs agents at foreign border crossings are demanding device inspections. The company wants to:
1. Minimize the risk to its data by storing its most sensitive data inside of a security container.
2. Obfuscate containerized data on command.
Which of the following technologies is the best way to accomplish this goal?
A. SED
B. eFuse
C. UEFI
D. vTPM
E. MicroSD HSM
Correct Answer: E
QUESTION 80
An engineer is designing a wireless access solution that must comply with the IEEE-specified security requirements for the 802.1X protocol. The engineer wants to streamline access by removing the need to provide a wPA2 PSK and domain credentials each time for access. Which of the following actions best meet this requirement? (Select two).
A. Issuing client authentication certificates to devices
B. Issuing a separate 32-bit key to wireless supplicants
C. Configuring RADIUS with EAP-TLS
D. Using a geofence over the facility and enforcing it for access
E. Configuring RADIUS with EAP-PEAP
F. Configuring RADIUS with EAP-FAST
Correct Answer: AC
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.