QUESTION 61
The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?
A. Data in use
B. Data at rest
C. Data in transit
D. Data sovereignty
Correct Answer: A
QUESTION 62
A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?
A. Internal self-assessment
B. Active reconnaissance
C. Red team penetration test
D. Tabletop exercise
Correct Answer: A
QUESTION 63
Which of the following explains the main threat caused by XSS on web pages?
A. It blocks users from reaching certain websites.
B. It restricts websites from storing user settings.
C. It discloses the debugging log to developers and potential threat actors.
D. It allows attackers to insert and execute malicious content.
Correct Answer: D
QUESTION 64
Which of the following best distinguishes serverless architecture from traditional on-premises models in terms of security accountability?
A. Serverless environments require the customer to secure host-level firewalls and network hardware.
B. Serverless environments reduce the customer’s responsibility for underlying system patching.
C. Serverless environments provide a persistent execution environment across user sessions.
D. Serverless environments allow full administrative access to physical infrastructure.
Correct Answer: B
QUESTION 65
A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?
A. Ensure the firewall data plane moves to fail-closed mode.
B. Implement a DENY ALL rule as the last firewall ACL rule.
C. Prioritize business-critical application traffic through the firewall.
D. Configure rate limiting between the firewall interfaces.
Correct Answer: A
QUESTION 66
Which of the following risk analysis attributes measures the chance that a vulnerability will be exploited?
A. Exposure factor
B. Impact
C. Severity
D. Likelihood
Correct Answer: D
QUESTION 67
An organization establishes an internal policy that outlines how to perform vulnerability management. Which of the following is the most likely outcome of non-compliance with this policy?
A. A high number of false positives on the SIEM detections
B. Reputational damage resulting from information disclosure
C. Regulatory fines and legal fees associated with judicial proceedings
D. Inconsistent remediation and misallocation of resources
Correct Answer: D
QUESTION 68
Which of the following should an organization implement to avoid unnecessary liability after the end of a legal contract obligation with a third party?
A. Data encryption
B. Data classification
C. Data retention
D. Data inventory
Correct Answer: C
QUESTION 69
Which of the following is a security implication of using SDN over traditional methods?
A. Network device configuration can be dynamically adjusted to react to a detected security threat.
B. Network alerting and reporting is reduced due to lack of integration with analysis tools.
C. Network intrusion detection results in increased false positives or false negatives.
D. Network infrastructure is outsourced to a third-party vendor better suited to maintaining security.
Correct Answer: A
QUESTION 70
Which of the following best describes an insider threat?
A. A user who accidentally visits a phishing site
B. An attacker with no authorized access to the target
C. An employee with legitimate access misusing credentials intentionally
D. An unskilled attacker trying to guess passwords from the internet
Correct Answer: C
QUESTION 71
A software development team tests a new feature that processes user-uploaded files. A security engineer is concerned that attackers might upload malicious files to exploit vulnerabilities after the application moves to production. Which of the following approaches will best reduce this risk?
A. Deploying the solution in an isolated environment that limits access to system resources
B. Using static code analysis to detect embedded malware signatures in uploaded files
C. Performing a code signing operation to validate the uploaded files before accepting them
D. Enabling full disk encryption to protect files stored during the test cycle
Correct Answer: A
QUESTION 72
A large organization has stable, well-established operations regarding its employee work hours, locations, and tasks. The large number of employees makes individual, close monitoring impractical. The organization wants to automate the detection of possible security breaches. Which of the following is the best way to detect activities outside of normal operations?
A. Insider threat monitoring
B. Anomalous behavior recognition
C. Social engineering detection
D. Operational security policies
Correct Answer: B
QUESTION 73
An employee asks a security analyst to scan a suspicious email that contains a link to a file on a file-sharing site. The analyst determines that the file is safe after downloading and scanning the file with antivirus software. When the employee opens the file, their device is infected with ransomware. Which of the following steps should the analyst have taken?
A. Review the file in a code editor.
B. Monitor the file connections with netstat -ano.
C. Execute the file in a sandbox.
D. Retrieve the file hash and check with OSINT.
Correct Answer: C
QUESTION 74
A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?
A. Notify all employees about the phishing attack and instruct them to avoid suspicious emails.
B. Wait for the confirmation from the employee before making any changes to their account.
C. Reimage the employee’s workstation to ensure no malware is present.
D. Lock the employee’s account to prevent further unauthorized access.
Correct Answer: D
QUESTION 75
Which of the following best describes the purpose of a security gap analysis?
A. To establish deception and disruption technology
B. To determine the risk posture after a security application is installed
C. To examine confidentiality, integrity, and availability
D. To identify areas where current controls do not meet required standards
Correct Answer: D
QUESTION 76
Which of the following describes how a risk event might affect operations and limit the overall risk score?
A. Severity
B. Likelihood
C. Impact
D. Probability
Correct Answer: C
QUESTION 77
Which of the following scenarios is a warning sign specific to insider threats that should be included in a company’s security awareness training?
A. An IT employee upgrades systems to the newest version of an encryption library.
B. A user shares their unique credentials with peers within their team.
C. A finance user scrutinizes an employee’s reimbursement form after a business trip.
D. A user traveling abroad logs in outside of normal operating hours.
Correct Answer: B
QUESTION 78
Which of the following best describes a method for ongoing vendor monitoring in third-party risk management?
A. Requiring a new MSA for each project
B. Accepting vendor self-attestation without further verification
C. Conducting assessments to verify compliance with security requirements
D. Reviewing SLAs at the start of the contract
Correct Answer: C
QUESTION 79
Which of the following are the most important considerations when encrypting data? (Select two).
A. Obfuscation
B. Algorithms
C. Data masking
D. Key length
E. Tokenization
F. Salting
Correct Answer: BD
QUESTION 80
A security engineer receives reports of unauthorized devices on the organization’s network. Which of the following best describes a secure and effective way to mitigate the risks?
A. Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.
B. Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.
C. Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.
D. Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.