QUESTION 21
A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?
A. IPS
B. URL scanning
C. Content categorization
D. Static denial list
E. DLP
Correct Answer: C
QUESTION 22
Which of the following phishing-resistant authentication methods reduce the chances of successful social engineering attacks? (Select two)
A. IM OTP
B. Phone calls
C. Passwordless
D. SMS
E. Security keys
F. Email
Correct Answer: CE
QUESTION 23
A software company currently secures access using a combination of traditional username/password configurations and one-time passwords for MFA. However, employees still struggle to maintain both a password manager and the authenticator application. The company wants to migrate to a single, integrated authentication solution that is more secure and provides a smoother login experience for its employees. Which of the following solutions will best satisfy the company’s needs?
A. Migrating to FIDO2 passkeys, utilizing built-in device biometrics for user authentication
B. Implementing SMS-based one-time passwords as the primary second factor for all logins
C. Implementing SAML federation across authentication servers so employees can use SSO to access applications
D. Deploying a PKI system that requires all employees to use smart cards for login access
Correct Answer: A
QUESTION 24
A smart lighting system is deployed in an office building. The devices connect to the corporate Wi-Fi and are managed via a cloud portal. Which of the following security techniques reduces risk for these loT devices?
A. Assigning static IP addresses to the devices
B. Updating default credentials and applying network segmentation
C. Connecting the devices to the guest Wi-Fi to prevent interactions with corporate IT
D. Allowing the vendor to have remote access for day-to-day management
Correct Answer: B
QUESTION 25
Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?
A. It improves server performance by reducing software bugs.
B. It addresses known software vulnerabilities before they are exploited.
C. It eliminates the need for firewalls and intrusion detection.
D. It removes the need for antivirus tools.
Correct Answer: B
QUESTION 26
Following a security review, an organization must ensure users verify their identities against the company’s identity services with individual credentials leveraging WPA2-enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?
A. Enabling 802.1X authentication and integrating it with the corporate directory
B. Installing self-signed certificates on all user devices
C. Enabling MAC filters for all wireless clients
D. Configuring the wireless controller to require multifactor authentication
Correct Answer: A
QUESTION 27
A company deploys a new server that a client must be able to access at all times. Which of the following will support this availability requirement?
A. Proxy server
B. Jump server
C. Geographic restrictions
D. Load balancer
Correct Answer: D
QUESTION 28
A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?
A. Secure access service edge
B. Attack surface
C. Least privilege
D. Separation of duties
Correct Answer: B
QUESTION 29
Staff members at a company historically click on dangerous links. The leadership team wants to reduce that risk. Which of the following should a security engineer do to help reduce future incidents?
A. Create and run a realistic email test and provide a refresher.
B. Leverage plaintext emails to remove clickable links.
C. Block all unsigned email attachments for all employees.
D. Perform header analysis for sender reputation.
Correct Answer: A
QUESTION 30
Which of the following best describes the purpose of using deception technologies in a security strategy?
A. To prevent malware installation through endpoint protection tools
B. To block all external traffic before it reaches critical information systems
C. To lure attackers to controlled environments to collect threat intelligence
D. To detect insider threats by monitoring privileged user accounts
Correct Answer: C
QUESTION 31
A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?
A. Add the sensor software to the risk register.
B. Create a VLAN for the sensors.
C. Physically air gap the sensors.
D. Configure TLS 1.2 on all sensors.
Correct Answer: B
QUESTION 32
Which of the following best explains the benefit of using asymmetric encryption?
A. It provides mutual authentication by using identical keys for both encryption and decryption.
B. It uses a shared secret key to reduce the number of keys needed.
C. It allows faster encryption and decryption than symmetric methods.
D. It enables secure data exchanges without requiring both parties to share a private key.
Correct Answer: D
QUESTION 33
A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving
Correct Answer: A
QUESTION 34
A company’s login process must include a layer of additional security to reduce the risk of unauthorized access. It must also maintain ease of use for remote employees who often work on different OSs. Which of the following application security controls will best meet the company’s requirements?
A. Providing a cloud-based file-sharing service with encryption
B. Implementing a firewall configuration tool with easy remote management
C. Deploying a desktop application for generating secure passwords
D. Installing an identity management platform that uses MFA
Correct Answer: D
QUESTION 35
In order to maintain system stability, a company’s software developers cannot merge updates into the code base without supervisor approval. Which of the following is the best description of this practice?
A. Separation of duties
B. Change management
C. Vulnerability remediation
D. Collusion prevention
Correct Answer: B
QUESTION 36
An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?
A. Data sanitization
B. WAF
C. FDE
D. Split tunneling
Correct Answer: C
QUESTION 37
Which of the following principles ensures data is only accessible to authorized users?
A. Integrity
B. Confidentiality
C. Non-repudiation
D. Availability
Correct Answer: B
QUESTION 38
Which of the following is a consideration when patching mission-critical network edge routers for a critical vulnerability?
A. Redundancy
B. Physical location
C. Scalability
D. Cost
Correct Answer: A
QUESTION 39
Which of the following is a reason to include various functional roles such as IT, legal, and communications–as stakeholders during tabletop exercises?
A. To keep the exercises informal and conversational
B. To provide security awareness training to all staff functions
C. To reduce the need for follow-up documentation
D. To reflect realistic decision-making and collaboration during an incident
Correct Answer: A
QUESTION 40
Which of the following vulnerabilities will lead to a successful attack that injects <IMG src=’http://attackersite.net/mycode.sh’> into a web application?
A. Directory traversal
B. Buffer overflow
C. SQLi
D. XSS
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.