Home Practice Exams Exam Concepts Stori ed (Videos) Contact Logout

You can do better!

Find your weak areas and improve.

Your score is 72.78%

 Restart quiz

1. A large healthcare provider is decommissioning several outdated servers that were used to store patient records. Which TWO of
the following outcomes are directly achieved by following proper decommissioning procedures? (SELECT TWO)

A. Extending the lifespan of the remaining servers.

B. Protecting patient con dentiality and data security.

C. Enhancing the performance of the healthcare provider's network.

D. Complying with legal and regulatory requirements for data handling.

The decommissioning of outdated servers in a healthcare setting directly achieves the outcomes of protecting patient con dentiality
and data security (Option B) and complying with legal and regulatory requirements for data handling (Option D). Proper
decommissioning procedures, such as secure data erasure and physical destruction of storage media, ensure that sensitive patient
records are not accessible after the servers are disposed of. This protects the con dentiality and integrity of patient data.
Additionally, following these procedures helps the healthcare provider comply with legal and regulatory standards, such as HIPAA,
which mandate the secure handling and disposal of patient information. Extending the lifespan of remaining servers (Option A) and
enhancing network performance (Option C) are not primary objectives of the decommissioning process. The main focus is on data
security and regulatory compliance.

2. A cybersecurity rm is considering the purchase of a new security software suite. The rm wants to ensure that the software
meets industry standards and regulatory requirements. In evaluating the software options, why is it important for the rm to verify
that the software has been certi ed by a recognized authority?

A. To ensure compatibility with the rm's existing hardware and software.

B. To guarantee that the software will be user-friendly and have a good interface.

C. To con rm that the software adheres to industry security standards and best practices.

D. To make sure the software comes with a comprehensive warranty and support.

In the scenario of a cybersecurity rm evaluating new security software, the importance of verifying certi cation by a recognized
authority lies in C, con rming that the software adheres to industry security standards and best practices. Certi cation from a
reputable body indicates that the software has undergone rigorous testing and evaluation to meet established security criteria. This
provides assurance of the software's reliability, effectiveness, and compliance with regulatory requirements, which is crucial for a
cybersecurity rm. Option A, ensuring compatibility, and Option D, warranty and support, are important but secondary
considerations compared to security standards. Option B, the user interface, while important for usability, does not directly relate to
the security and compliance aspects of the software.

3. An employee receives an email from what appears to be the company's CEO, urgently requesting the transfer of funds to a new
account for a con dential deal. The email address is similar to the CEO's but with a minor difference. What should be the employee's
response to this potential social engineering attack?

A. Immediately transfer the funds as the request is from the CEO

B. Verify the request through a direct phone call to the CEO

C. Forward the email to other colleagues for their opinion

D. Delete the email as it is clearly a scam

The employee's response to this potential social engineering attack should be to verify the request through a direct phone call to the
CEO, as indicated in Option B. This action allows the employee to con rm the authenticity of the request directly with the CEO,
ensuring that it is not a phishing attempt. Direct veri cation is crucial in situations where there is a discrepancy, such as a minor
difference in the email address, which is a common tactic used in social engineering attacks. Transferring the funds immediately
(Option A) could lead to a signi cant nancial loss if the email is fraudulent. Forwarding the email to colleagues (Option C) does not
provide a de nitive answer and could spread confusion. Deleting the email (Option D) might seem safe, but it risks ignoring a
potentially legitimate request, making direct veri cation a more appropriate approach.

4. A government agency is implementing a new security gateway to control access to its classi ed network. This gateway is
con gured to fail-closed in case of a system malfunction or compromise. During an unforeseen outage, what would be the immediate
impact on network access, and what is a key consideration for this fail-closed con guration?

A. Network access remains uninterrupted, but security monitoring is disabled.

B. All network access is blocked, ensuring security at the cost of accessibility.

C. Network access is redirected to a backup gateway with limited functionality.

D. The gateway switches to a minimal security mode, allowing restricted access.

In a fail-closed con guration, if the security gateway experiences a malfunction or is compromised, it automatically blocks all
network access to ensure the security of the classi ed network. This action (Option B) prioritizes the protection of sensitive
information by preventing any potential unauthorized access during the outage. The immediate impact is that network accessibility is
sacri ced for security, which can lead to operational disruptions. In contrast, options A, C, and D describe behaviors typical of a fail-
open con guration or alternative redundancy measures, which are not inherent in a fail-closed setup. A key consideration in
implementing a fail-closed con guration is to balance the need for high security with the potential for service interruption and to
have contingency plans for maintaining operations during outages.

5. A power plant is enhancing its perimeter security to prevent unauthorized access and potential sabotage. The plant is located in a
remote area and has critical infrastructure that needs protection. Considering the need for robust physical security, which type of
fencing would be most appropriate to install around the perimeter of the power plant?

A. Decorative fencing to blend with the natural surroundings

B. Chain-link fencing with barbed wire on top

C. Wooden fencing for aesthetic appeal

D. Low-height fencing for ease of maintenance

For a power plant with critical infrastructure, especially in a remote area, it is crucial to have robust physical security measures to
prevent unauthorized access and potential sabotage. Chain-link fencing with barbed wire on top (Option B) is an effective solution, as
it provides a strong physical barrier that is dif cult to climb or breach. The addition of barbed wire enhances the security by
deterring and impeding intruders. Decorative fencing (Option A), wooden fencing (Option C), and low-height fencing (Option D) do
not offer the same level of security and are more suitable for aesthetic purposes or areas with lower security risks. The primary goal
in this scenario is to ensure the protection of the power plant's critical infrastructure, making chain-link fencing with barbed wire
the most appropriate choice.

6. A large corporation identi es a fake social media account that uses its logo and company name to post misleading information
about its products. The account gains a signi cant following and starts to negatively impact the corporation's reputation. To
effectively combat brand impersonation on social media, what should be a key component of the corporation's strategy?

A. Increasing the budget for online advertising

B. Monitoring social media for unauthorized use of the brand

C. Encrypting all corporate data

D. Limiting employee access to social media

A key component of effectively combating brand impersonation on social media is monitoring social media for unauthorized use of
the brand (B). This involves regularly scanning various social media platforms to identify fake accounts, misleading posts, or any
unauthorized use of the company's name, logo, or other intellectual property. Prompt identi cation allows the company to take
appropriate actions, such as reporting the fake accounts to the platform for removal and informing customers about the
impersonation. This proactive approach helps protect the company's reputation and prevent the spread of misinformation.
Increasing the budget for online advertising (A), encrypting corporate data (C), and limiting employee access to social media (D) are
not directly related to addressing the issue of brand impersonation on social media platforms.

7. A physical security assessment of a corporate of ce building reveals that emergency exits are not clearly marked and some are
obstructed. This poses a safety risk to employees. What is the most appropriate action for the company to take in response to this
nding?

A. Installing additional CCTV cameras throughout the building.

B. Conducting a comprehensive review and update of emergency evacuation procedures.

C. Implementing a key card access system for all doors.

D. Designating a security of cer to monitor emergency exits.

The physical security assessment highlighted issues with emergency exits, including poor signage and obstructions. The most
appropriate action to address this safety concern is to conduct a comprehensive review and update of emergency evacuation
procedures (Option B). This should include ensuring that all emergency exits are clearly marked, unobstructed, and known to all
employees. While installing additional CCTV cameras (Option A) and implementing a key card access system (Option C) are security
measures, they do not address the speci c issue of emergency exit safety. Designating a security of cer to monitor exits (Option D)
may provide some oversight but is not as effective as reviewing and updating the entire emergency evacuation process.

8. A nancial institution contracts a third-party IT rm to upgrade its transaction processing system, as outlined in a detailed
Statement of Work (SOW). The SOW includes speci c security requirements and deadlines. Halfway through the project, the
institution realizes that the rm is not meeting the speci ed security requirements. What is the most appropriate initial action for
the institution to take in this situation?

A. Immediately terminate the contract and seek legal action.

B. Engage in discussions with the rm to address non-compliance with the SOW.

C. Overlook the security shortcomings to avoid project delays.

D. Take over the project and complete the upgrade internally.

Upon discovering that the third-party IT rm is not meeting the speci ed security requirements in the SOW, the nancial
institution's most appropriate initial action is to engage in discussions with the rm (Option B). This step involves clearly
communicating the areas of non-compliance, understanding the reasons behind the rm's failure to meet the security requirements,
and collaboratively working towards a resolution to ensure adherence to the SOW. Terminating the contract and seeking legal action
(Option A) may be a subsequent step if the rm fails to rectify the non-compliance, but it should not be the rst response.
Overlooking the security shortcomings (Option C) is not advisable due to the potential risks to the institution's transaction
processing system. Taking over the project internally (Option D) may not be feasible and does not address the issue of the rm's non-
compliance with the SOW.

9. During a routine security review, a nancial analyst at an investment bank notices irregular login attempts from an unknown IP
address. To align with effective internal security compliance, which of the following actions should the analyst take? (SELECT TWO)

A. Report the incident to the IT security team immediately.

B. Change their own password as a precautionary measure.

C. Install a third-party antivirus software on their workstation.

D. Review access logs to identify any unauthorized access.

Reporting the incident to the IT security team immediately (Option A) is crucial for a timely response to potential security threats.
Reviewing access logs (Option D) helps in identifying unauthorized access and understanding the scope of the incident. Both actions
are in line with effective internal security compliance, emphasizing prompt reporting and investigation of security incidents.
Changing their own password (Option B) is a good practice but may not directly address the issue of irregular login attempts.
Installing third-party antivirus software (Option C) without proper authorization could violate company policies and might not be
relevant to the irregular login attempts. Options A and D demonstrate the application of internal security compliance by ensuring a
proactive and investigative approach to potential security threats.

10. A large enterprise is optimizing its network infrastructure with the implementation of load balancers. The network team is tasked
with con guring the load balancers to enhance both performance and security. Which TWO of the following con gurations should
be applied to achieve these objectives? (SELECT TWO)

A. Con guring the load balancers for content-based routing to ef ciently distribute speci c types of traf c.

B. Setting up the load balancers to double as antivirus scanners for incoming traf c.

C. Implementing health checks on the load balancers to ensure traf c is sent to operational servers.

D. Using the load balancers to perform rate limiting to prevent excessive traf c from overwhelming servers.

Con guring load balancers for content-based routing (Option A) is an effective way to enhance both performance and security. This
con guration allows the load balancer to distribute traf c based on the content type, such as sending all API requests to a speci c set
of servers, thereby optimizing the handling of different traf c types and improving overall ef ciency. Implementing health checks
(Option C) is crucial to ensure that traf c is only directed to operational and responsive servers, maintaining high availability and
preventing traf c from being sent to failed or compromised servers. While rate limiting (Option D) is a useful feature to prevent
traf c overload, it is less directly related to the combined objectives of performance and security enhancement. Using load balancers
as antivirus scanners (Option B) is not a standard or practical function for load balancers, as this task is typically handled by
dedicated security appliances.

11. A nancial services company is designing a new transaction processing system. The system must be capable of handling high
volumes of transactions without any downtime and must also ef ciently distribute processing loads. Considering the requirements of
high availability, fault tolerance, and ef cient load distribution, which of the following technologies should be implemented? (SELECT
TWO)

A. Load Balancing

B. Clustering

C. Single Server Deployment

D. Redundant Power Supply

For a transaction processing system that requires high availability, fault tolerance, and ef cient load distribution, both load balancing
(A) and clustering (B) are necessary. Load balancing ensures that the processing load is distributed ef ciently across multiple servers,
preventing any single server from being overwhelmed by high volumes of transactions. This contributes to maintaining system
responsiveness. Clustering, on the other hand, provides high availability and fault tolerance by linking servers together to act as a
single system. If one server fails, the others can seamlessly take over its workload, ensuring continuous operation. A single server
deployment (C) would not meet the high availability and fault tolerance requirements, and a redundant power supply (D), while
important for power redundancy, does not directly address load distribution or system availability in the context of transaction
processing. Therefore, the correct answers are A) Load Balancing and B) Clustering.

12. A multinational corporation is concerned about the spread of malware across its global network. To mitigate this risk, the IT
department implements a strategy to isolate its critical systems from the rest of the network. After this change, an employee nds
that they can no longer directly access the nancial reporting system from their standard workstation. Which objective is primarily
being achieved through this isolation?

A. Enhancing the data processing speed of critical systems.

B. Limiting the spread of malware and protecting critical assets.

C. Reducing the cost of maintaining critical systems.

D. Simplifying the user access management for critical systems.

The primary objective of isolating critical systems, such as the nancial reporting system, from the rest of the network is to limit the
spread of malware and protect these crucial assets. By creating a separation between critical systems and standard workstations, the
IT department ensures that even if a part of the network is compromised, the critical systems remain secure and unaffected. This
isolation is a proactive security measure to enhance the overall resilience of the network. The other options, such as enhancing data
processing speed (Option A), reducing maintenance costs (Option C), and simplifying user access management (Option D), are not the
main reasons for implementing isolation in this scenario.

13. A small accounting rm relies heavily on its computer systems to process client data. The rm is located in an area with frequent
power uctuations. How would the implementation of an uninterruptible power supply (UPS) system primarily bene t the rm's IT
infrastructure?

A. Enhancing the data processing speed of the computer systems

B. Providing temporary power to prevent data loss and allow for safe shutdown during power outages

C. Reducing the overall energy consumption of the computer systems

D. Increasing the storage capacity of the rm's data servers

The primary bene t of implementing an uninterruptible power supply (UPS) system for a small accounting rm, especially in an area
with frequent power uctuations, is providing temporary power to prevent data loss and allow for safe shutdown during power
outages (B). A UPS system supplies backup power in the event of a power outage or uctuation, giving enough time to safely shut
down computer systems and save any in-progress work. This prevents data loss and potential damage to hardware that can occur
due to sudden power loss. Enhancing data processing speed (A), reducing energy consumption (C), and increasing storage capacity
(D) are not direct bene ts of a UPS system. The key advantage is maintaining continuity of operations and protecting data during
power issues, making option B the most appropriate answer.

14. What are critical considerations for organizations when determining a Recovery Point Objective (RPO) for their data and systems?
(SELECT TWO)

A. The criticality of the data and systems to business operations.

B. The cost implications of implementing advanced backup solutions.

C. The frequency of data changes and updates in the systems.

D. The organization's overall market share and competitive positioning.

When determining a Recovery Point Objective (RPO) for data and systems, organizations must consider factors that directly impact
the potential consequences of data loss. The criticality of the data and systems to business operations (Option A) is a key
consideration. Systems and data that are vital to the organization's core functions or have signi cant impacts on service delivery
should have shorter RPOs to minimize the effects of data loss. The frequency of data changes and updates in the systems (Option C)
is another important factor. Systems with frequent changes or transactions require more frequent backups to ensure that data loss is
within the acceptable RPO limits. Cost implications of advanced backup solutions (Option B) are a consideration for overall IT
budgeting but should not be the primary determinant of RPO. The organization's market share and competitive positioning (Option
D) are more related to business strategy and do not directly in uence the setting of RPOs. Therefore, focusing on the criticality of
data/systems and the frequency of data changes ensures that RPOs are set in a manner that protects essential operations and
minimizes data loss.

15. A multinational corporation experienced two different types of disruptive cyberattacks. The rst attack involved defacing the
company's of cial website with provocative messages, leading to reputational damage. The second attack was a DDoS attack that
overloaded the company's customer service portal during a peak business period. Which TWO of the following motivations are most
likely behind these disruptive attacks? (SELECT TWO)

A. Seeking nancial gain through operational disruption

B. Damaging the company's reputation and public image

C. Creating chaos and disruption in business operations

D. Stealing sensitive corporate data for espionage

The defacement of the company's website with provocative messages likely aims to damage the company's reputation and public
image (Option B). This type of attack is intended to harm the company's standing with customers and the public, rather than for
nancial gain or data theft. The DDoS attack on the customer service portal during a peak business period suggests a motive of
creating chaos and disruption in business operations (Option C). This attack appears designed to inconvenience customers and
disrupt business processes, aligning with a goal of causing operational chaos. The scenarios do not indicate motives related to
nancial gain through operational disruption (Option A) or stealing sensitive data for espionage (Option D).

16. An organization is considering using multiple third-party vendors for different IT services, including cloud storage, application
development, and cybersecurity. To effectively manage the security implications of using these vendors, which two of the following
actions should the organization prioritize? (SELECT TWO)

A. Relying solely on the cybersecurity vendor for all security-related decisions and actions.

B. Conducting regular security assessments of each vendor's systems and practices.

C. Establishing standardized protocols for data sharing and access control across all vendors.

D. Choosing vendors based primarily on the cost of their services.

When working with multiple third-party vendors for various IT services, conducting regular security assessments of each vendor's
systems and practices (Option B) is essential. These assessments help in identifying potential vulnerabilities, ensuring that vendors
adhere to agreed-upon security standards, and maintaining a consistent security posture across different services. Establishing
standardized protocols for data sharing and access control (Option C) is also crucial. This ensures that sensitive information is
handled securely and consistently, regardless of the vendor involved, and helps prevent unauthorized access and data breaches.
Relying solely on the cybersecurity vendor for all security decisions and actions (Option A) is not advisable, as it's important to have a
comprehensive and integrated approach to security that involves all vendors. Choosing vendors based primarily on the cost of their
services (Option D) may lead to compromises in the quality and effectiveness of the security measures implemented.

17. In the process of acquiring digital evidence from multiple computers after a network intrusion, what TWO key practices should
the incident response team follow to ensure a forensically sound acquisition? (SELECT TWO)

A. Documenting the physical and digital state of each computer before acquisition.

B. Using the same standard data recovery software used in IT operations for the acquisition.

C. Ensuring that the acquisition tools are veri ed and validated for forensic use.

D. Uploading copies of the acquired data to a public cloud for immediate analysis.

To ensure a forensically sound acquisition of digital evidence, it is crucial to document the physical and digital state of each
computer before acquisition (Option A). This includes noting the condition of the hardware, any visible on-screen information, and
the current operating state. This documentation is essential for establishing the context and integrity of the evidence. Additionally,
using acquisition tools that are veri ed and validated for forensic use (Option C) is critical to ensure that the process does not alter
or damage the evidence and that the tools are reliable and acceptable in a legal context. Standard data recovery software (Option B)
may not meet forensic standards, and uploading sensitive data to a public cloud (Option D) can compromise its security and integrity.

18. During a routine audit, an IT auditor discovers that there are spikes in network log activity occurring at irregular intervals, outside
of the normal business hours. These spikes suggest possible out-of-cycle logging, raising concerns about potential security incidents.
Which of the following should be the auditor's recommendation to enhance log monitoring and incident detection?

A. Decrease the retention period of logs to focus on recent activities.

B. Implement a real-time log monitoring and alerting system.

C. Disable logging for low-severity events to reduce log volume.

D. Manually review logs at the end of each business day.

The auditor's recommendation should be to implement a real-time log monitoring and alerting system (Option B). This system would
enable the organization to automatically detect and alert on unusual log activities as they occur, allowing for a timely response to
potential security incidents. Decreasing the retention period of logs (Option A) might lead to the loss of valuable historical data
needed for analysis. Disabling logging for low-severity events (Option C) could miss important context that contributes to
understanding security incidents. Manually reviewing logs daily (Option D) is resource-intensive and may not provide timely
detection of anomalies.

19. A healthcare organization handles a variety of data, including human-readable patient records and non-human-readable
diagnostic machine outputs. To enhance data security, which TWO of the following measures should the organization prioritize?
(SELECT TWO)

A. Implementing an end-to-end encryption solution for data storage and transmission.

B. Upgrading the physical security of the data storage facilities.

C. Applying data masking techniques to patient records.

D. Utilizing a centralized logging system for all data access and modi cation.

Implementing an end-to-end encryption solution for both data storage and transmission is critical for protecting human-readable
patient records and non-human-readable diagnostic machine outputs. Encryption ensures that all data, regardless of format, is
secured against unauthorized access and breaches, maintaining the con dentiality and integrity of sensitive healthcare information.
Utilizing a centralized logging system for all data access and modi cation provides an additional layer of security by enabling the
monitoring and tracking of who accesses or modi es data. This is particularly important in a healthcare setting, where data
sensitivity and compliance with regulations like HIPAA are paramount. While upgrading physical security (B) and applying data
masking techniques (C) are valuable security measures, they do not offer the comprehensive protection for both types of data that
encryption and logging systems do. These two measures directly address the unique challenges of securing diverse data formats in a
healthcare environment.

20. In determining the Annualized Loss Expectancy (ALE) for various risks in a corporate network, what factors should the risk
management team consider in their calculations? (SELECT TWO)

A. The cost of cybersecurity insurance premiums.

B. The potential nancial impact of each identi ed risk.

C. The frequency of occurrence for each identi ed risk.

D. The budget available for implementing security controls.

When calculating the Annualized Loss Expectancy (ALE) for risks in a corporate network, the focus should be on factors that directly
contribute to the ALE formula, which is the product of Single Loss Expectancy (SLE) and Annual Rate of Occurrence (ARO). The
potential nancial impact of each identi ed risk (Option B) corresponds to the SLE, as it represents the estimated cost associated
with a single occurrence of the risk. The frequency of occurrence for each identi ed risk (Option C) relates to the ARO, as it indicates
how often the risk is expected to materialize within a year. These two factors are essential for accurately calculating the ALE for each
risk, providing a quanti able measure of the expected annual nancial loss. While the cost of cybersecurity insurance premiums
(Option A) and the budget available for implementing security controls (Option D) are important considerations in overall risk
management and cybersecurity strategy, they do not directly factor into the ALE calculation. Therefore, prioritizing the potential
nancial impact and the frequency of occurrence of each risk enables the risk management team to effectively assess and quantify
the annual nancial exposure due to various risks in the corporate network.

21. You work as a cybersecurity specialist with a small startup and are tasked with securing the network perimeter of the company.
What security measure is enforced by Rule 2 in the provided rewall rules?

A. Blocking UDP traf c from the inside network to the outside on port 12345.

B. Allowing UDP traf c from the inside network to the outside on port 12345.

C. Denying UDP traf c from the outside network to the inside on port 12345.

D. Permitting UDP traf c from the outside network to the inside on port 12345.

Rule 2 is con gured to deny UDP traf c from any source to 203.0.113.2/12345 (outside) to 192.168.1.40/22 (inside). This denies UDP
traf c from the outside network to the inside network on port 12345.

22. During a routine security assessment, it is found that an external attacker is able to perform on-path attacks on a company's
wireless network, intercepting and altering data. Which of the following vulnerabilities is MOST likely enabling this attack?

A. Weak encryption on the wireless network.

B. Outdated antivirus software on company computers.

C. Unpatched security vulnerabilities in network routers.

D. Inadequate physical security of network equipment.

The most likely vulnerability enabling an on-path attack on a wireless network is weak encryption (Option A). If the wireless network
is using outdated or weak encryption standards, it allows attackers to more easily intercept and alter data being transmitted over the
network. Outdated antivirus software (Option B) is a concern but does not directly relate to the interception of network data.
Unpatched vulnerabilities in network routers (Option C) could be exploited by attackers but are less directly related to the issue of
data interception and alteration on a wireless network. Inadequate physical security (Option D) is a risk but does not directly lead to
on-path attacks, which can be performed remotely.

23. A multinational corporation has adopted automation in its security operations to handle tasks like incident response, vulnerability
scanning, and compliance monitoring. In the context of using automation as a workforce multiplier, which of the following strategies
should the corporation employ to maximize the effectiveness of its cybersecurity team? (SELECT TWO)

A. Reducing the size of the cybersecurity team to cut costs.

B. Focusing the team's efforts on strategic security planning and advanced threat analysis.

C. Completely automating all decision-making processes in security operations.

D. Providing continuous training and development opportunities in emerging security technologies.

To maximize the effectiveness of the cybersecurity team in the context of using automation as a workforce multiplier, the
corporation should focus the team's efforts on strategic security planning and advanced threat analysis (option B) and provide
continuous training and development opportunities in emerging security technologies (option D). By focusing on areas where human
expertise is crucial, such as strategic planning and advanced threat analysis, the team can utilize the time and resources saved by
automation to address more complex security challenges. Continuous training ensures that the team stays updated with the latest
trends and technologies, further enhancing their ability to contribute effectively to the organization's security posture. Options A
and C are not effective strategies; reducing the team size could limit capabilities, and completely automating decision-making
overlooks the importance of human judgment in security operations.

24. A government agency is implementing a new security policy but decides to exempt an older, legacy system from certain
requirements due to compatibility issues. What should be the agency's primary focus to manage the risks associated with this
exemption?

A. Upgrading the legacy system as soon as possible to comply with the new policy.

B. Monitoring the legacy system closely for any signs of security breaches.

C. Documenting the exemption and the rationale behind it for future reference.

D. Implementing compensating controls to mitigate the risks of the exemption.

When exempting a legacy system from certain security policy requirements, the primary focus should be on implementing
compensating controls to mitigate the associated risks (Option D). Compensating controls are alternative security measures put in
place to offset the risks introduced by the exemption. This might include additional monitoring, restricted access, or other security
practices tailored to the speci c vulnerabilities of the legacy system. While upgrading the system (Option A) and documenting the
exemption (Option C) are important steps, they do not directly address the immediate security risks. Close monitoring (Option B) is a
part of the solution, but it should be accompanied by proactive measures to strengthen security.

25. A corporate security analyst discovers that con dential company information has been leaked online. After investigating, the
analyst nds spyware installed on several executives' laptops, which has been capturing keystrokes and screen activity. What is the
MOST likely method through which the spyware was installed on these laptops?

A. The executives visited compromised websites that automatically downloaded the spyware.

B. The company's email server was hacked, and spyware was directly installed.

C. An insider intentionally installed the spyware on the executives' laptops.

D. The executives used unsecured public Wi-Fi networks, leading to the spyware installation.

The most common method for spyware installation is through compromised websites (Option A), especially those that use drive-by
download techniques. These websites exploit vulnerabilities in browsers or plugins to install spyware without the user's knowledge.
This scenario is plausible for executives who may have inadvertently visited such sites. While email server hacking (Option B) is a
potential threat, it is less likely to be the direct cause of spyware installation on individual laptops. Insider threats (Option C) are
possible but require speci c evidence to be considered likely. The use of unsecured public Wi-Fi (Option D) is a risk for many types of
attacks, but it does not speci cally align with the identi ed method of spyware installation.

26. An e-commerce company's application monitoring system alerts to a spike in failed login attempts from various geographic
locations. The application handles sensitive customer data. What is the MOST likely security threat, and what immediate action
should be taken?

A. Brute force attack; implement account lockout mechanisms

B. Phishing attack; send a security awareness email to users

C. Application vulnerability; conduct a code review

D. Man-in-the-middle attack; enforce HTTPS on all transactions

A spike in failed login attempts from various locations is indicative of a brute force attack, where attackers attempt to gain access by
repeatedly trying different usernames and passwords. Implementing account lockout mechanisms after a certain number of failed
attempts can effectively mitigate this threat. Option B (Phishing attack) generally involves deceptive communications and wouldn't
necessarily result in failed login attempts. Option C (Application vulnerability) and Option D (Man-in-the-middle attack) are less
likely given the nature of the alert regarding login attempts.

27. An IT manager discovers that the organization's data encryption standards are outdated, potentially exposing sensitive data to
security risks. Considering the principles of due diligence and care, what is the most appropriate action for the IT manager to take?

A. Ignore the issue, assuming the risk is minimal.

B. Inform senior management and propose updating the encryption standards.

C. Wait for a security incident to occur before taking action.

D. Transfer the responsibility to another department.

The most appropriate action in line with due diligence and care is for the IT manager to inform senior management and propose
updating the encryption standards (Option B). This proactive approach addresses the security risk by bringing it to the attention of
decision-makers and suggesting a solution to protect sensitive data. Updating encryption standards ensures that the organization
maintains a strong security posture and mitigates potential risks. Ignoring the issue (Option A) or waiting for a security incident to
occur (Option C) would be negligent and could result in severe consequences. Transferring the responsibility to another department
(Option D) does not address the problem and fails to demonstrate due diligence. By taking the initiative to inform and propose
improvements, the IT manager is exercising due diligence and care in safeguarding the organization's data and reputation.

28. A manufacturing company is assessing its cybersecurity posture and considering the implementation of additional controls. The
company's primary concern is protecting its intellectual property from insider threats. Which control would be most effective for
mitigating the risk of intellectual property theft by insiders, and why is it particularly suitable for this scenario?

A. Installing Closed-Circuit Television (CCTV) cameras in all areas of the facility to monitor employee activities.

B. Implementing Data Loss Prevention (DLP) software to monitor and control data transfers and access.

C. Deploying a rewall to block all external internet traf c and prevent data ex ltration.

D. Requiring biometric authentication for all employees to access the company's network.

In the scenario of protecting intellectual property from insider threats, implementing Data Loss Prevention (DLP) software (Option B)
is the most effective control. DLP software is designed to monitor and control data transfers and access within the company's
network. It can identify sensitive information, such as intellectual property, and enforce policies to prevent unauthorized access,
sharing, or transfer of this data. This is particularly suitable for mitigating insider threats, as DLP can detect and block attempts by
employees to ex ltrate sensitive data. While CCTV cameras (Option A) can monitor physical activities, they do not directly address
the protection of digital data. Deploying a rewall (Option C) is important for external threats but may not be effective against
insiders who already have access to the network. Biometric authentication (Option D) enhances access control but does not directly
prevent the unauthorized transfer or theft of intellectual property by authorized users.

29. An online retail company discovered a breach in their customer database, resulting in the theft of credit card information. The
attack was executed through a network of compromised computers, with the stolen data being sold on the dark web. The attack
showed signs of planning and coordination, with multiple systems being exploited simultaneously. In this scenario, which type of
threat actor most likely conducted the attack?

A. Disgruntled employees seeking revenge

B. A group of teenagers hacking for fun

C. An organized crime syndicate focused on nancial fraud

D. A competitor engaging in corporate espionage

The use of a network of compromised computers (a botnet) to steal and subsequently sell credit card information on the dark web
indicates a high level of organization and nancial motive, which are typical of an organized crime syndicate (Option C). The
planning, coordination, and exploitation of multiple systems for nancial gain through fraud suggest that the attackers are part of a
structured group with speci c expertise in cybercrimes. This scenario is less indicative of the motives or capabilities of disgruntled
employees (Option A), teenagers hacking for amusement (Option B), or a competitor engaged in corporate espionage (Option D), who
would likely be more interested in obtaining strategic business information than in direct nancial fraud.

30. A technology startup is expanding its operations to several Asian countries, each with different cybersecurity and data privacy
laws. To effectively manage local and regional compliance, which TWO of the following practices should be prioritized in the startup's
expansion strategy? (SELECT TWO)

A. Adopting a one-size- ts-all approach to data privacy across all countries.

B. Regularly reviewing and updating compliance policies to re ect changes in local laws.

C. Engaging with local legal advisors to understand and navigate regional regulations.

D. Assuming that compliance with the company's home country laws is suf cient.

Regularly reviewing and updating compliance policies to re ect changes in local laws (Option B) is crucial for a technology startup
expanding internationally. This ensures that the company's practices remain up-to-date with evolving legal landscapes in different
countries. Engaging with local legal advisors (Option C) provides valuable insights and guidance on navigating the speci c
cybersecurity and data privacy regulations in each country, helping the startup ensure compliance and minimize legal risks. Adopting
a one-size- ts-all approach (Option A) is not practical due to the varying nature of laws across countries. Assuming that compliance
with home country laws is suf cient (Option D) overlooks the complexities of international legal compliance and could lead to
regulatory issues.

31. What aspects of the email exploits social engineering techniques to compel the recipient to take immediate action? (SELECT
TWO)

From: IT-Support@examplecorp.com
To: employees@examplecorp.com
Date: April 22, 2023, 09 15
Subject: Urgent: Email Server Update

Dear Employee,

We are conducting an unexpected but necessary update to our email servers due to recent security threats. To ensure the continuity
of your email services, please click on the link below to con rm your account details:

http://examplecorp-update.com/login

Your prompt action is required to avoid any disruption to your service.

Best regards,
IT Support Team
ExampleCorp

Note: Please do not respond to this email.

A. The update to the email server

B. Mentioning the "recent security threats"

C. The polite tone of the email

D. The note stating not to reply to the email

E. The phrase that suggest loss of access to the service

The mention of "recent security threats" and the possibility of losing the "continuity of your email services" are a social engineering
techniques that create a sense of urgency and fear, pressuring the recipient to act quickly without properly scrutinizing the email or
the link it contains.

32. A large corporation implements a geolocation-based authentication system ("somewhere you are") for remote access to its
corporate network. Despite this security measure, there have been instances of unauthorized access from locations outside the
permitted geographical area. What is the MOST likely reason for this security breach?

A. The geolocation system is incorrectly identifying the location of authorized users.

B. Employees are using VPNs to bypass the geolocation-based authentication system.

C. The system's geolocation database is outdated and needs updating.

D. There is a technical glitch in the network that misinterprets user locations.

The most likely reason for the unauthorized access from locations outside the permitted geographical area is that employees are
using VPNs to bypass the geolocation-based authentication system (Option B). VPNs can mask the actual location of a user, making it
appear as if they are accessing from a different, authorized location. This can lead to breaches in security where access is granted
based on geographical location. Options A, C, and D could contribute to issues in location identi cation but do not directly address
the problem of users intentionally bypassing the system using VPNs.

33. An organization's Policy Administrator discovers that several departments are not adhering to the organization's data encryption
policy, potentially exposing sensitive information. The Policy Administrator must address this issue to ensure compliance with the
organization's security standards. What should the Policy Administrator do rst to resolve this non-compliance?

A. Update the encryption policy to be less stringent

B. Conduct training sessions on the importance of encryption

C. Impose penalties on the non-compliant departments

D. Investigate the reasons for non-compliance

As a Policy Administrator, the rst step in addressing non-compliance with the organization's data encryption policy is to investigate
the reasons for non-compliance. This investigation helps to understand whether the issue is due to lack of awareness, technical
challenges, resource constraints, or other factors. Based on the ndings, the Policy Administrator can then take appropriate actions,
such as providing training (Option B), revising the policy if necessary (Option A), or implementing corrective measures. Imposing
penalties (Option C) may be considered, but it is important to rst understand the root cause of the non-compliance to effectively
address the issue.

34. An internet service provider (ISP) implements Software-De ned Networking (SDN) to dynamically manage its network traf c and
provide customized services. With the increasing threat of cyber attacks, what is the most effective strategy to ensure the security of
the SDN architecture against potential vulnerabilities?

A. Limiting the use of SDN to non-critical network segments only.

B. Regularly updating and patching the SDN software components.

C. Increasing the bandwidth of the network to handle more traf c.

D. Relying on client-side security measures to protect the network.

In an SDN architecture, where network control is software-based, regularly updating and patching the SDN software components
(Option B) is crucial for security. This practice ensures that the software is protected against known vulnerabilities and is up-to-date
with the latest security xes. It helps in preventing exploits that could compromise the network's integrity and the services provided
by the ISP. Limiting the use of SDN to non-critical segments (Option A) may not be practical for an ISP and does not leverage the full
capabilities of SDN. Increasing the bandwidth (Option C) is generally bene cial for network performance but does not address
security vulnerabilities speci c to SDN. Relying solely on client-side security measures (Option D) is insuf cient, as the security of
the SDN infrastructure itself is crucial for overall network security.

35. A university's IT department is improving the security of network switches in various campus buildings to prevent unauthorized
access and network attacks. The network consists of multiple switches connecting faculty of ces, computer labs, and administrative
areas. Which TWO of the following hardening measures would be MOST effective in enhancing the security of these network
switches? (SELECT TWO)

A. Implementing VLAN segmentation to separate different network areas.

B. Setting up a redundant switch con guration to prevent single points of failure.

C. Disabling Telnet and using SSH for remote switch management.

D. Con guring port security to restrict the number of MAC addresses per port.

Implementing VLAN segmentation (A) is an effective hardening measure to enhance network security. VLANs separate different
network areas (e.g., faculty of ces, labs, administrative areas), reducing the risk of unauthorized access and lateral movement within
the network. Disabling Telnet and using SSH for remote switch management (C) signi cantly improves security by ensuring that
remote access to the switches is encrypted and secure, preventing eavesdropping and unauthorized access. Setting up redundant
switch con gurations (B) is important for network reliability but does not directly contribute to switch security. Con guring port
security (D) is bene cial for controlling access to the network but is not as broadly effective as VLAN segmentation and secure
remote management for the overall security of network switches in this scenario.

36. In a healthcare organization, the IT team implemented a new security information and event management (SIEM) system. The
system agged an unusual number of failed login attempts on a server containing sensitive patient data. Considering the detection
phase of incident response, what should the IT team do FIRST upon receiving this alert?

A. Resetting all user passwords for the affected server.

B. Analyzing the log data to determine if the failed logins are part of a brute force attack.

C. Shutting down the server to prevent unauthorized access.

D. Alerting the patients about a potential data breach.

The rst step in the detection phase, particularly when dealing with alerts from security systems like SIEM, is to analyze the relevant
data to understand the nature of the alert. In this scenario, the IT team should analyze the log data to determine whether the failed
login attempts are due to a brute force attack or other reasons (e.g., user error, system issue). This analysis (Option B) is essential to
accurately assess the situation before taking further action. Premature actions such as resetting passwords (Option A), shutting down
the server (Option C), or alerting patients (Option D) may be unnecessary or even disruptive if the alert turns out to be a false positive
or a minor issue.

37. A manufacturing company updates its network infrastructure to enhance security. The IT department rolls out the update without
updating the standard operating procedures (SOPs) to re ect the new security measures. As a result, employees are unaware of new
protocols, leading to security breaches and network misuse. What does this scenario illustrate about the importance of updating
SOPs in change management processes, especially when implementing security changes?

A. The necessity of regular employee training on network security.

B. The signi cance of updating SOPs to include new security measures.

C. The importance of a robust incident response plan for security breaches.

D. The value of involving all employees in the decision-making process.

This scenario emphasizes the importance of updating standard operating procedures (SOPs) in change management processes,
particularly when implementing changes that affect security. SOPs serve as a guide for employees to understand how to operate
within the new network infrastructure securely. In this case, the failure to update the SOPs led to employees being unaware of the
new security protocols, resulting in security breaches and misuse of the network. Updating SOPs ensures that all employees are
informed of the new procedures and understand their roles and responsibilities in maintaining network security. It is a crucial step in
ensuring that changes are effectively integrated into daily operations and that security measures are consistently applied.

38. A retail company is implementing measures to enhance its defenses against vishing attacks. Which TWO of the following
strategies should be prioritized to effectively combat vishing? (SELECT TWO)

A. Training employees on recognizing and appropriately responding to suspicious calls

B. Training employees on recognizing suspicious emails

C. Implementing a policy to verify caller identities through multiple channels

D. Regularly updating the company's phone system to the latest technology

Training employees on recognizing and appropriately responding to suspicious calls (A) is crucial in combating vishing attacks. This
training should include identifying common vishing tactics, such as requests for con dential information or urgent actions, and
guidelines on how to handle such calls. Implementing a policy to verify caller identities through multiple channels (C) is another key
strategy. This policy might involve calling back through a veri ed number, asking security questions, or seeking con rmation from a
supervisor before providing sensitive information or access. Advanced rewall systems (B) are important for network security but are
less relevant to phone-based vishing attacks. Regularly updating the company's phone system to the latest technology (D) can
provide security enhancements but is not speci cally targeted at preventing vishing, which relies more on social engineering than
technological vulnerabilities.

39. To enhance the security of an organization's network against brute force attacks, which TWO of the following strategies should
be prioritized? (SELECT TWO)

A. Implement network segmentation to limit the impact of any successful attacks.

B. Enforce a strong password policy across the organization.

C. Deploy an intrusion detection system (IDS) to monitor for suspicious activities.

D. Regularly update and patch all network devices and systems.

To effectively defend against brute force attacks, it's important to focus on strategies that directly address the attack method and its
detection. Enforcing a strong password policy (Option B) is crucial, as it increases the dif culty of successfully guessing passwords
through brute force methods. This policy should include requirements for password complexity, length, and regular changes.
Deploying an IDS (Option C) is an effective measure to detect and alert on suspicious activities, such as repeated failed login
attempts, which are indicative of a brute force attack. Network segmentation (Option A) is a good security practice, but it does not
directly prevent brute force attacks; rather, it limits the impact of successful breaches. Regularly updating and patching network
devices and systems (Option D) is important for overall network security, but it is less speci cally targeted at preventing brute force
attacks.

40. A healthcare organization is procuring software for managing patient records. The software must comply with regulatory
standards for data protection and privacy. During the vendor selection process, what key factor should the organization focus on to
ensure compliance with these standards?

A. The user interface design of the software.

B. Integration capabilities with existing systems.

C. The vendor's track record for regulatory compliance.

D. The scalability of the software.

In this scenario, the primary concern is the software's compliance with regulatory standards for data protection and privacy,
especially given the sensitive nature of patient records in healthcare. Option C, the vendor's track record for regulatory compliance,
is the most critical factor to consider. A vendor with a proven history of meeting similar regulatory requirements is more likely to
offer software that adheres to the necessary standards, thereby reducing the risk of non-compliance. Option A, focusing on the user
interface design, is important for usability but does not directly impact compliance. Option B, integration capabilities, is relevant for
operational ef ciency but secondary to compliance issues. Option D, software scalability, is important for future growth but does not
address the immediate need for regulatory compliance.

41. After a series of unexpected security incidents, a company is enhancing its incident response plan. Which TWO of the following
actions should be included to effectively prepare for and respond to unexpected security incidents? (SELECT TWO)

A. Conducting regular disaster recovery and business continuity drills

B. Installing more surveillance cameras throughout the company premises

C. Training employees on the identi cation and reporting of security incidents

D. Ensuring all employees have unrestricted access to incident response documentation

To effectively prepare for and respond to unexpected security incidents, the company should focus on actions that enhance
readiness and awareness. Conducting regular disaster recovery and business continuity drills (Option A) ensures that the company is
prepared to maintain operations and quickly recover in the event of a security incident. This practice tests the effectiveness of the
company's plans and identi es areas for improvement. Training employees on the identi cation and reporting of security incidents
(Option C) is crucial for early detection and response. Employees are often the rst to notice unusual activities, and equipping them
with the knowledge and skills to recognize and report incidents can signi cantly improve the company's ability to respond
effectively. Installing more surveillance cameras (Option B) may enhance physical security but does not directly address the
preparation and response to a variety of security incidents. Ensuring all employees have unrestricted access to incident response
documentation (Option D) is less effective than targeted training and may lead to information overload or misuse of the
documentation.

42. An art gallery is upgrading its security systems to protect valuable artworks. The gallery is considering incorporating pressure-
sensitive technologies for enhanced security. Which TWO of the following applications of pressure-sensitive technology would be
most effective in securing the artworks? (SELECT TWO)

A. Pressure-sensitive pads under each artwork to detect removal

B. Pressure-sensitive paint on walls to detect graf ti

C. Pressure-sensitive alarms on windows and doors

D. Pressure-sensitive ooring in gallery rooms to monitor foot traf c

To secure valuable artworks in an art gallery, incorporating pressure-sensitive pads under each artwork (Option A) is an effective way
to detect unauthorized removal. These pads can trigger an alarm if an artwork is lifted or moved, providing immediate alert to
potential theft. Pressure-sensitive alarms on windows and doors (Option C) are also effective for enhancing security, as they can
detect forced entry or tampering, helping to protect the gallery from break-ins. Pressure-sensitive paint on walls (Option B) is not a
common or practical security technology and is unlikely to be effective in detecting graf ti. Pressure-sensitive ooring in gallery
rooms (Option D) could monitor foot traf c, but it is less directly related to the protection of artworks compared to pressure-
sensitive pads and alarms on entry points.

43. A healthcare application collects patient health information, including personal and sensitive data. To enhance compliance from a
data subject's perspective, what should the application implement as a priority?

A. Collect as much patient data as possible for a comprehensive health record.

B. Provide clear options for patients to opt-in or opt-out of data collection.

C. Focus solely on data encryption without considering data subject consent.

D. Share patient data with third-party advertisers for targeted advertising.

Providing clear options for patients to opt-in or opt-out of data collection (Option B) is a critical step in respecting the rights and
privacy of the data subject. This approach aligns with principles of data protection and privacy laws, such as GDPR, which emphasize
the importance of consent and choice in personal data collection and processing. This ensures that patients have control over their
personal information and understand how their data is being used. Collecting extensive patient data without consent (Option A) may
violate privacy laws and can lead to trust issues. Focusing solely on data encryption (Option C) addresses data security but neglects
the aspect of consent and choice for the data subject. Sharing patient data with third-party advertisers (Option D) without explicit
consent is unethical and likely violates data protection regulations. By providing opt-in and opt-out choices, the healthcare
application demonstrates a commitment to data subject rights and compliance with data protection standards.

44. A law rm handles con dential client documents and legal case les that are stored digitally on the rm's on-premises storage
system. To safeguard the con dentiality of these documents while they are at rest, the rm is considering various data security
solutions. Which of the following options would provide the BEST security for the con dential documents and case les at rest?

A. Implementing data deduplication to reduce storage space.

B. Utilizing a centralized logging system to monitor access to les.

C. Applying le-level encryption to the stored documents and les.

D. Setting up an intrusion detection system (IDS) for the storage network.

Applying le-level encryption to the stored documents and les is the best security solution for protecting the con dentiality of the
data at rest in a law rm. File-level encryption ensures that each document and case le is encrypted individually, providing a high
level of security and control over access to the data. This measure is particularly important for a law rm handling con dential client
information, as it safeguards the data from unauthorized access, even if the storage system itself is compromised. While data
deduplication (A), centralized logging (B), and an intrusion detection system (IDS) (D) are useful for optimizing storage and
monitoring network activity, they do not speci cally address the protection of data at rest as directly as le-level encryption.

45. A company's IT department is implementing a new password storage system for enhanced security. To safeguard the passwords
against potential breaches, the IT department must choose an appropriate method for storing them. Which of the following is the
MOST secure way to store user passwords?

A. Storing passwords in plaintext in a secured database.

B. Encrypting passwords using a symmetric encryption algorithm.

C. Hashing passwords using a strong cryptographic hash function.

D. Saving passwords in an encrypted le with a master password.

Hashing passwords using a strong cryptographic hash function is the most secure way to store user passwords. Hash functions
convert passwords into a xed-size string of characters, which is unique to each password. Unlike encryption, hashing is a one-way
process and cannot be reversed. This means that even if the hashed passwords are accessed by unauthorized individuals, they cannot
be easily converted back to the original passwords. Using a strong cryptographic hash function, such as SHA-256, further enhances
security by making it computationally infeasible to nd two different passwords that produce the same hash (collision resistance).
Storing passwords in plaintext (A) or in an encrypted le (D), even with a master password, is less secure as it involves reversible
processes. Symmetric encryption (B) is also reversible and less suited for password storage compared to hashing.

46. To enhance the security of an organization's network against brute force attacks, which TWO of the following practices should be
prioritized? (SELECT TWO)

A. Implement strong password policies, including regular password changes and complexity requirements.

B. Deploy behavior-based intrusion detection systems (IDS) to identify abnormal login patterns.

C. Conduct regular security awareness training for employees on creating and managing secure passwords.

D. Use network segmentation to isolate critical systems and reduce the overall attack surface.

To effectively defend against brute force attacks, it's important to focus on practices that enhance password security and user
awareness. Implementing strong password policies (Option A) ensures that passwords are complex, changed frequently, and less
likely to be guessed in a brute force attack. Conducting regular security awareness training for employees (Option C) empowers users
to understand the importance of secure password practices, reducing the likelihood of using weak or easily guessable passwords.
While deploying behavior-based IDS (Option B) is important for detecting suspicious activities, it does not prevent the use of weak
passwords. Network segmentation (Option D) improves overall network security but is less directly targeted at preventing brute force
attacks on user accounts.

47. An e-commerce company is revising its business continuity plan in light of increasing cyber threats. The company's online
platform must remain operational 24/7 to process transactions. In the event of a cyberattack that incapacitates the primary server,
which measure is most crucial for ensuring the continuity of operations?

A. Regularly updating antivirus software on all company devices

B. Conducting periodic penetration testing of the network

C. Implementing an automated failover process to a backup server

D. Training staff on advanced cybersecurity protocols

For an e-commerce company that needs to maintain 24/7 operational capability, the most crucial measure to ensure continuity of
operations in the event of a cyberattack is implementing an automated failover process to a backup server (C). This process ensures
that if the primary server is compromised or incapacitated, the system can automatically switch to a backup server with minimal or
no disruption to the online platform and transaction processing. While regularly updating antivirus software (A), conducting
penetration testing (B), and training staff on cybersecurity protocols (D) are important for overall security, they do not provide an
immediate solution for maintaining operations during a server outage. Automated failover is speci cally designed to maintain
continuity of operations in such scenarios, making option C the most appropriate and crucial measure.

48. To optimize the responsiveness of an organization's IT infrastructure in handling security incidents, which two of the following
practices should be prioritized? (SELECT TWO)

A. Relying exclusively on manual processes for incident detection and response.

B. Regularly testing and updating the incident response plan to ensure its effectiveness.

C. Implementing a robust system for continuous monitoring and automated alerts.

D. Decreasing investment in cybersecurity to allocate more resources to other IT areas.

Regularly testing and updating the incident response plan (Option B) is essential to ensure its effectiveness in handling security
incidents. This includes reviewing the plan, conducting drills, and making necessary adjustments to address new threats and changes
in the IT environment. Implementing a robust system for continuous monitoring and automated alerts (Option C) enhances the
responsiveness of the IT infrastructure by enabling real-time detection of potential security incidents and prompt initiation of
response procedures. Relying exclusively on manual processes (Option A) can slow down the detection and response to incidents.
Decreasing investment in cybersecurity (Option D) is counterproductive, as adequate resources are necessary to maintain a
responsive and secure IT environment.

49. Which entry in the application log could be indicative of data ex ltration efforts?

2023-04-20T08 30 00.123Z INFO ApplicationServer - User 'jdoe' initiated login process from IP: 172.16.254.1
2023-04-20T08 30 05.456Z INFO ApplicationServer - User 'jdoe' successfully authenticated.
2023-04-20T08 32 22.789Z WARN ApplicationServer - Unexpected input validation failure in module 'PaymentProcessor'.
2023-04-20T08 33 15.012Z ERROR ApplicationServer - System exception occurred: stack over ow exception in module
'PaymentProcessor'.
2023-04-20T08 35 00.678Z INFO ApplicationServer - New user 'tempUser' created by 'admin'.
2023-04-20T08 36 45.901Z INFO ApplicationServer - User 'tempUser' initiated login process from IP: 203.0.113.42
2023-04-20T08 37 00.345Z INFO ApplicationServer - User 'tempUser' assigned role 'Administrator' by 'admin'.
2023-04-20T08 39 15.678Z ALERT ApplicationServer - Multiple failed login attempts for user 'admin' from IP: 198.51.100.7
2023-04-20T08 41 30.123Z WARN ApplicationServer - Unusual activity: High volume of data requests by user 'tempUser'.
2023-04-20T08 43 00.456Z ALERT ApplicationServer - Outbound traf c spike detected.
2023-04-20T08 45 30.789Z INFO ApplicationServer - User 'jdoe' initiated logout process.

A. 2023-04-20T08 43 00.456Z ALERT ApplicationServer - Outbound traf c spike detected.

B. 2023-04-20T08 30 00.123Z INFO ApplicationServer - User 'jdoe' initiated login process from IP: 172.16.254.1

C. 023-04-20T08 33 15.012Z ERROR ApplicationServer - System exception occurred: stack over ow exception in module

'PaymentProcessor'.

D. 2023-04-20T08 41 30.123Z WARN ApplicationServer - Unusual activity: High volume of data requests by user 'tempUser'.

The log entry indicating an outbound traf c spike is a strong indicator of potential data ex ltration, especially following other
suspicious activities by 'tempUser'.

50. A multinational corporation uses key escrow to manage the encryption keys of its overseas branches. Due to legal requirements
in different countries, the corporation must be able to provide encrypted data to law enforcement upon request. How does key
escrow assist in meeting these legal obligations?

A. By decentralizing key management to each branch.

B. By encrypting all data transmissions between branches.

C. By providing a backup of all encryption keys.

D. By enabling authorized retrieval of encryption keys.

Key escrow plays a vital role in situations where organizations need to comply with legal requirements, such as providing access to
encrypted data to law enforcement agencies. In this case, the multinational corporation's use of key escrow allows for the secure
storage of encryption keys with the ability for authorized retrieval. When a legal requirement arises to decrypt data for law
enforcement purposes, the corporation can access the relevant encryption keys through the key escrow system. This capability
ensures that the corporation can comply with legal requests without compromising the overall security of its encrypted data. The
key escrow system offers a balanced approach to maintaining data privacy while adhering to legal obligations in various jurisdictions.

51. An e-commerce company uses le integrity monitoring to protect sensitive customer data stored on its servers. Following a
recent data breach, it was found that the breach occurred through a modi ed con guration le that went undetected by the FIM
system. What action should the company take to enhance the FIM system's ability to detect such unauthorized modi cations in the
future?

A. Disable FIM to rely solely on traditional antivirus solutions for le monitoring.

B. Implement real-time monitoring and alerting for critical con guration les in the FIM system.

C. Reduce the frequency of FIM scans to focus only on periodic comprehensive audits.

D. Limit FIM to monitor only executable les and ignore con guration les.

To prevent future data breaches like the one experienced, the company needs to enhance the le integrity monitoring system's
capability to detect unauthorized modi cations, especially in critical con guration les. Option A, disabling FIM, would remove an
essential security layer. Option C, reducing the frequency of FIM scans, could delay the detection of unauthorized changes. Option D,
limiting FIM to monitor only executable les, overlooks the importance of monitoring con guration les, which was the source of the
breach. The most effective action is Option B, implementing real-time monitoring and alerting for critical con guration les. This
approach ensures that any unauthorized changes to important con guration les are detected immediately, allowing for prompt
response and mitigation, thereby enhancing the overall security of sensitive customer data.

52. During a routine audit, a nancial institution discovered unauthorized access to its network. The incident response team
successfully isolated the affected systems, but there was confusion regarding the next steps, leading to delays in resolving the
incident. What is the MOST important element to include in the incident response plan to address this issue?

A. Detailed procedures for each phase of the incident response process.

B. A larger budget for the incident response team.

C. Regular training on new cybersecurity threats.

D. A policy for compensating customers in case of data breaches.

The most important element to include in the incident response plan is detailed procedures for each phase of the incident response
process (Option A). This provides clear guidance to the response team on the actions to take during an incident, minimizing
confusion and delays. While a larger budget (Option B) and regular training (Option C) are bene cial, they do not directly address the
issue of procedural clarity. Compensation policies (Option D) are important for customer relations but do not improve the ef ciency
of incident response.

53. A security team at DataSight Solutions utilizes OSINT to enhance their threat intelligence capabilities. They gather information
from various online sources, including social media, forums, and news sites. To effectively use OSINT in their vulnerability
management strategy, which TWO of the following actions should the team prioritize? (SELECT TWO)

A. Regularly update the organization's security policies based on OSINT ndings.

B. Cross-reference and validate OSINT ndings with other intelligence sources.

C. Focus exclusively on information obtained from of cial government sources.

D. Train employees on recognizing and reporting potential threats identi ed through OSINT.

Open-source intelligence (OSINT) is a valuable tool for gathering information about potential cybersecurity threats, but it requires
careful handling to be effective. Option B, cross-referencing and validating OSINT ndings with other intelligence sources, is crucial
for ensuring the accuracy and reliability of the information gathered. This practice helps in distinguishing credible threats from
misinformation or disinformation. Option D, training employees on recognizing and reporting potential threats identi ed through
OSINT, leverages the collective awareness of the organization and increases the chances of early detection of relevant threats. It
empowers employees to contribute to the organization's security posture. Option A, regularly updating security policies, is important
but not speci c to the use of OSINT. Option C, focusing exclusively on of cial government sources, is too restrictive and overlooks
the diverse range of valuable information available through various open-source platforms.

54. A small business has recently implemented a new customer relationship management (CRM) system. After a data breach, it is
found that sensitive customer data was exposed. In this scenario, who should be identi ed as the risk owner for the CRM system, and
what action should they prioritize?

A. The Customer Service Manager, focusing on customer communication and support.

B. The Sales Manager, concentrating on mitigating potential sales impact.

C. The IT Administrator, focusing on securing the CRM system and preventing future breaches.

D. The Marketing Manager, focusing on reputation management and public relations.

Given that the risk involves a data breach in the CRM system, the IT Administrator is best suited to be the risk owner for this speci c
issue (Option C). The primary action that the IT Administrator should prioritize is securing the CRM system and implementing
measures to prevent future breaches. This includes conducting a thorough investigation of the breach, identifying and xing
vulnerabilities, and enhancing security protocols and practices related to the CRM system. The Customer Service Manager (Option A)
and Marketing Manager (Option D) may have roles in addressing customer concerns and reputation management, respectively, but
they are not typically responsible for the technical aspects of CRM system security. The Sales Manager (Option B) would focus on
sales impact but is not the appropriate risk owner for managing the security of the CRM system.

55. A healthcare provider is audited for compliance with the Health Insurance Portability and Accountability Act (HIPAA). The audit
reveals that patient records are accessible by all staff members and there is no tracking of who accesses the records. Which TWO of
the following measures should the healthcare provider implement to address these compliance issues? (SELECT TWO)

A. Encrypt all patient records.

B. Implement role-based access control.

C. Conduct regular security awareness training for staff.

D. Establish audit logs for access to patient records.

To address the issues identi ed in the HIPAA compliance audit, the healthcare provider needs to focus on controlling and monitoring
access to patient records. Implementing role-based access control (Option B) ensures that only authorized personnel with speci c
roles can access patient records, thereby limiting unnecessary access. Establishing audit logs for access to patient records (Option D)
provides a mechanism to track and monitor who accesses patient information, which is essential for identifying and preventing
unauthorized access or data breaches. Encrypting all patient records (Option A) is an important security measure, but it does not
directly address the issues of access control and monitoring. Conducting regular security awareness training for staff (Option C) is
bene cial for overall security but does not speci cally address the issues of access control and auditing identi ed in the audit.

56. A cloud service provider is optimizing its data centers to handle large-scale data processing tasks for its clients. The provider is
considering implementing parallel processing capabilities. What is the primary bene t of incorporating parallel processing in the data
center's architecture for these large-scale tasks?

A. Reducing the physical space required for servers

B. Enhancing the security of data through complex encryption algorithms

C. Increasing the processing speed and ef ciency of large-scale computations

D. Decreasing the overall cost of electricity for data center operations

The primary bene t of incorporating parallel processing in a data center's architecture, especially for handling large-scale data
processing tasks, is increasing the processing speed and ef ciency of large-scale computations (C). Parallel processing allows for the
division of tasks into smaller parts that are processed simultaneously across multiple processors. This signi cantly speeds up the
processing time for complex and large-scale tasks, improving overall ef ciency and performance. While reducing physical space for
servers (A) and decreasing electricity costs (D) are important considerations for data center operations, they are not the direct
bene ts of parallel processing. Enhancing data security through encryption (B) is crucial, but it is not the primary advantage of
parallel processing in the context of large-scale data computations. Therefore, option C, Increasing the processing speed and
ef ciency of large-scale computations, is the correct answer.

57. An educational institution removes non-essential software from its network servers as part of a security enhancement initiative.
After this change, the servers experience fewer security incidents and vulnerabilities. What is the main reason for the removal of
unnecessary software in this scenario?

A. To increase the data processing speed of the servers.

B. To facilitate easier access to educational resources.

C. To decrease the likelihood of security breaches and vulnerabilities.

D. To reduce the costs associated with server maintenance.

The main reason for the removal of unnecessary software from network servers in an educational institution is to decrease the
likelihood of security breaches and vulnerabilities. Non-essential software can introduce additional security risks, as each installed
application potentially increases the attack surface and the number of vulnerabilities that can be exploited. By removing this
software, the institution strengthens its server security, reducing the chances of security incidents and vulnerabilities being
exploited. This measure is focused on enhancing the security and integrity of the network infrastructure, rather than increasing data
processing speed (Option A), facilitating access to resources (Option B), or reducing maintenance costs (Option D).

58. When implementing and managing antivirus solutions in an organizational setting, which TWO of the following best practices
should be prioritized to maximize the effectiveness of the antivirus software? (SELECT TWO)

A. Regularly updating the antivirus software with the latest virus de nitions and software patches

B. Disabling real-time scanning to improve system performance

C. Ensuring that antivirus software is installed on all endpoints, including mobile devices and servers

D. Limiting user privileges to prevent the installation of unauthorized software

Regularly updating the antivirus software (Option A) is essential to maintain its effectiveness against new and emerging threats.
Antivirus software relies on virus de nitions to identify and neutralize malware, so keeping these de nitions up to date is crucial.
Ensuring that antivirus software is installed on all endpoints (Option C), including mobile devices and servers, provides
comprehensive protection across the organization's network. This prevents gaps in security where malware could enter or
propagate. Disabling real-time scanning (Option B) would reduce the antivirus software's ability to detect and prevent threats as they
occur. Limiting user privileges (Option D) is a good security practice, but it does not directly pertain to the effectiveness of antivirus
software.

59. An online retailer has noticed a pattern of fraudulent transactions originating from certain IP addresses. To effectively monitor
and identify such activities in the future, which detective control should the security team focus on implementing?

A. Installing a web application rewall (WAF)

B. Setting up a system for real-time transaction monitoring

C. Implementing two-factor authentication for customer logins

D. Conducting regular vulnerability assessments

Setting up a system for real-time transaction monitoring (B) is the most effective detective control for identifying patterns of
fraudulent transactions. This system will allow the online retailer to continuously analyze transaction data as it occurs, detecting
anomalies or suspicious activities that match known patterns of fraud, such as those from speci c IP addresses. By alerting the
security team to these activities in real time, the retailer can take immediate action to prevent fraud. While a web application rewall
(WAF) (A) is useful for protecting web applications from attacks, it is more of a preventive control. Implementing two-factor
authentication (C) strengthens login security but doesn't directly monitor transactional fraud. Regular vulnerability assessments (D)
are important for identifying security weaknesses but are not focused on real-time detection of fraudulent transactions.

60. A healthcare organization is reviewing its authentication protocols to secure access to electronic health records (EHR) systems
and other sensitive medical databases. The organization aims to protect patient data and ensure compliance with health data
protection regulations. Which TWO of the following authentication protocols should be prioritized for implementation to achieve
these objectives? (SELECT TWO)

A. Utilizing Fast Identity Online (FIDO) protocols for strong, phishing-resistant authentication.

B. Implementing Lightweight Directory Access Protocol (LDAP) for ef cient user and resource management.

C. Adopting Time-based One-Time Password (TOTP) algorithm for generating dynamic, time-sensitive passwords.

D. Applying Extensible Authentication Protocol (EAP) for securing wireless network access to medical databases.

Utilizing Fast Identity Online (FIDO) protocols (A) should be prioritized as they offer strong, phishing-resistant authentication, which
is crucial for protecting access to sensitive health records. FIDO protocols support biometric authentication and hardware security
keys, providing a high level of security assurance. Adopting the Time-based One-Time Password (TOTP) algorithm (C) for generating
dynamic, time-sensitive passwords is another effective measure. TOTP enhances security by ensuring that each password is only
valid for a short period, reducing the risk of unauthorized access. While LDAP (B) is useful for directory services and user
management, it does not provide the same level of authentication security as FIDO and TOTP. EAP (D) is important for securing
wireless networks but does not speci cally address authentication for accessing EHR systems and medical databases.

61. While analyzing Linux system logs, a security analyst discovers entries showing repeated attempts to execute a privileged
command by a non-privileged user. The command is known to be used for system administration tasks and is not necessary for the
user's role. What should be the FIRST course of action to address this issue?

A. Revoke the user's access to the Linux system.

B. Conduct an immediate audit of all user permissions on the system.

C. Educate the user about proper use of system commands and resources.

D. Implement command-level auditing to track usage of sensitive commands.

The discovery of repeated attempts to execute a privileged command by a non-privileged user indicates a potential security risk or
misuse of the system. The rst action should be to conduct an audit of user permissions to ensure that users only have access to
commands and resources necessary for their roles. This audit can identify any miscon gurations or inappropriate access rights that
might allow such behavior. Revoking the user's access (Option A) might be necessary later but is premature without understanding
the full context. Educating the user (Option C) is important but should follow the audit to address any systemic issues rst.
Implementing command-level auditing (Option D) is a good security practice but is a secondary measure compared to reviewing and
correcting permissions.

62. During a security training session, a company emphasizes the importance of verifying the identity of callers requesting sensitive
information. The trainer highlights a recent case where an attacker, impersonating a vendor, obtained con dential contract details
over the phone. This scenario underscores the necessity of which security best practice to prevent similar voice call-based attacks?

A. Using caller ID veri cation

B. Implementing strict call logging procedures

C. Enforcing a policy of not discussing sensitive information over the phone

D. Establishing a veri cation process for phone call requests

Establishing a veri cation process for phone call requests (D) is a critical security best practice to prevent similar voice call-based
attacks. This process involves con rming the caller's identity and the legitimacy of their request, especially when sensitive
information is involved. Veri cation can include calling back through a known of cial number, using pre-arranged questions or
codes, or seeking con rmation from a supervisor. This practice helps ensure that employees do not inadvertently divulge con dential
information to unauthorized individuals. Using caller ID veri cation (A) can be helpful but is not foolproof, as caller IDs can be
spoofed. Implementing strict call logging procedures (B) is important for record-keeping but does not directly prevent the disclosure
of sensitive information. Enforcing a policy of not discussing sensitive information over the phone (C) can reduce risk but may not be
practical in all business scenarios and does not address the need for secure communication methods.

63. During a routine network scan, a security analyst discovers several open ports on a server that hosts sensitive data. One of the
open ports is associated with a legacy application that is no longer in use. The analyst later learns that an attacker exploited this open
port to gain unauthorized access to the server. This incident primarily illustrates the risk associated with which security oversight?

A. Lack of encryption on data transmissions

B. Insuf cient network segmentation

C. Open service ports on critical systems

D. Inadequate user access controls

The risk primarily illustrated in this scenario is the presence of open service ports on critical systems (C). Open ports, especially
those associated with legacy applications or services that are no longer in use, can provide an entry point for attackers to exploit
vulnerabilities and gain unauthorized access to a system. In this case, the attacker was able to exploit the open port related to the
legacy application to access the server hosting sensitive data. This highlights the importance of regularly reviewing and closing
unnecessary open ports to reduce the attack surface. The issue here is not related to the lack of encryption on data transmissions (A),
insuf cient network segmentation (B), or inadequate user access controls (D), although these are also important security concerns.

You have not answered this question

64. A security analyst at a corporation discovers that an attacker has been sending emails to employees that appear to come from
the CEO, asking for sensitive company information. The analyst determines that the attacker is using email address spoo ng.
What is the MOST effective measure the corporation should implement to prevent such email forgery attacks?

A. Enable spam lters to block emails from unknown external sources.

B. Implement Domain-based Message Authentication, Reporting, and Conformance (DMARC).

C. Encrypt all outgoing and incoming emails within the corporation.

D. Conduct regular security awareness training for employees on identifying phishing emails.

The most effective measure to prevent email address spoo ng and forgery is to implement Domain-based Message
Authentication, Reporting, and Conformance (DMARC) (Option B). DMARC works alongside SPF (Sender Policy Framework) and
DKIM (DomainKeys Identi ed Mail) to authenticate the sender's identity and ensure that emails are not being spoofed. While
enabling spam lters (Option A) and conducting security awareness training (Option D) are important, they may not be suf cient
to prevent sophisticated spoo ng attacks. Encrypting emails (Option C) secures the content of emails but does not address the
issue of email address spoo ng.

65. A security analyst at a telecommunications company is assessing the vulnerability of the company's cellular network to various
cyber threats. One concern is the risk of man-in-the-middle (MitM) attacks on cellular communications. What should be the
PRIMARY focus of the analyst's strategy to mitigate the risk of MitM attacks on the company's cellular network?

A. Implementing stronger encryption protocols for voice and data transmission over the cellular network.

B. Requiring customers to use Virtual Private Networks (VPNs) for all internet activities on their mobile devices.

C. Increasing the physical security of cell towers and other network infrastructure components.

D. Educating customers about the risks of using public Wi-Fi networks for sensitive communications.

The primary focus to mitigate the risk of MitM attacks on a cellular network should be implementing stronger encryption protocols
for voice and data transmission (A). This approach directly addresses the vulnerability by ensuring that communications are securely
encrypted, making it much more dif cult for attackers to intercept or manipulate the data being transmitted. While requiring VPN
use (B) can enhance security for internet activities, it does not address the underlying network vulnerabilities. Increasing physical
security of network infrastructure (C) is important but does not protect against MitM attacks that occur over the airwaves. Educating
customers about public Wi-Fi risks (D) is bene cial but is not directly related to securing cellular network communications.

66. A company's security policy requires that all unnecessary ports and protocols be closed on their network to minimize the attack
surface. During a security audit, it was found that port 21 (FTP) is open on a server hosting sensitive nancial data. FTP is not used for
any business operations on this server. Which of the following actions should the security team take to adhere to the company's
security policy and protect the sensitive data?

A. Leave port 21 open but monitor it for any unauthorized access.

B. Redirect traf c from port 21 to a more secure port.

C. Close port 21 and ensure no business operations are affected.

D. Encrypt all traf c passing through port 21.

The company's security policy requires minimizing the attack surface by closing unnecessary ports and protocols. Option A, leaving
port 21 open and monitoring it, does not align with the policy of minimizing the attack surface. Option B, redirecting traf c from port
21 to a more secure port, is unnecessary as FTP is not used for any business operations on this server. Option D, encrypting traf c
through port 21, does not address the policy requirement to close unnecessary ports. The best action is Option C, closing port 21 and
ensuring no business operations are affected. This action directly adheres to the security policy and reduces the potential for
exploitation by eliminating an unnecessary and potentially vulnerable service.

67. A large corporate enterprise has implemented content categorization in its web ltering system to enhance network security and
productivity. Despite this, the IT department has observed a surge in employee access to social media and gaming websites during
work hours. The company's policy restricts access to such sites to maintain focus and productivity. As the network administrator,
what modi cation should you make to the web ltering system to enforce the company's policy more effectively?

A. Disable content categorization and block all non-business-related websites.

B. Fine-tune the content categorization to speci cally identify and block social media and gaming websites.

C. Allow unrestricted access to all websites and monitor employee activity for performance evaluation.

D. Implement a schedule-based ltering system that allows access to these websites only during breaks.

In this scenario, the goal is to enforce the company's policy of restricting access to non-business-related websites such as social
media and gaming sites. Option A, disabling content categorization and blocking all non-business-related websites, may be overly
restrictive and could block legitimate resources. Option C, allowing unrestricted access and monitoring for performance evaluation,
does not address the policy of restricting access. Option D, implementing schedule-based ltering, may partially address the issue
but does not fully enforce the company's policy. The most effective solution is Option B, ne-tuning the content categorization in the
web ltering system. By speci cally identifying and blocking categories related to social media and gaming, the network
administrator can enforce the company's policy more effectively while still allowing access to other necessary websites.

68. A company's IT security team discovers that a digital certi cate used for securing their web server has been compromised. They
immediately request the certi cate authority (CA) to revoke the certi cate. How does the inclusion of this certi cate in a Certi cate
Revocation List (CRL) enhance the security of the company's web server?

A. It accelerates the web server's performance.

B. It prevents the compromised certi cate from being used maliciously.

C. It updates the web server's software to the latest version.

D. It increases the storage capacity of the web server.

When a digital certi cate is compromised, including it in a Certi cate Revocation List (CRL) is a critical step in enhancing security. A
CRL is a list maintained by the certi cate authority (CA) that contains certi cates that are no longer valid. By adding the
compromised certi cate to the CRL, the CA effectively noti es all users and systems that check the CRL that this particular
certi cate should no longer be trusted. This action prevents malicious actors from using the compromised certi cate to impersonate
the company's web server, conduct man-in-the-middle attacks, or engage in other deceptive practices. Regularly checking the CRL
helps ensure that communication with the web server remains secure and that only valid, uncompromised certi cates are trusted.

69. When assessing the security features of a Trusted Platform Module (TPM), which of the following functionalities are directly
related to the capabilities of the TPM? (SELECT TWO)

A. Generating and storing cryptographic keys.

B. Scanning les for viruses and malware.

C. Providing hardware-based attestation of the system's integrity.

D. Optimizing the performance of the operating system.

The Trusted Platform Module (TPM) is designed to provide several key security functionalities, primarily related to cryptographic
operations and system integrity. Firstly, generating and storing cryptographic keys is a core function of the TPM. It securely
generates cryptographic keys for various purposes, such as encryption and digital signatures, and stores them in a tamper-resistant
manner. This capability ensures that the keys are protected from unauthorized access and use. Secondly, the TPM provides
hardware-based attestation of the system's integrity. It can securely store measurements of the system's con guration and software
state, allowing it to attest to the integrity of the system during boot processes and other critical operations. This functionality is
important for detecting unauthorized changes and ensuring the trustworthiness of the system. The other options, such as scanning
for viruses and malware or optimizing operating system performance, are not direct functionalities of the TPM, as its primary focus is
on cryptographic operations and system integrity.

70. An organization relies heavily on its IT infrastructure for day-to-day operations. The management is concerned about the
potential impact of power issues on the security and availability of their IT systems. What should be the organization's primary focus
to mitigate the risk of power disruptions to its IT infrastructure?

A. Increasing the processing power of all IT systems to handle more tasks.

B. Regularly training employees on new software and technology updates.

C. Implementing comprehensive power redundancy and backup solutions.

D. Focusing on aesthetic enhancements to the workplace environment.

To mitigate the risk of power disruptions to its IT infrastructure, the organization's primary focus should be on implementing
comprehensive power redundancy and backup solutions (Option C). This includes having backup power sources, such as UPS systems
and generators, to ensure that the IT systems can continue to operate during power outages, thereby maintaining the security and
availability of critical operations. Increasing processing power (Option A), training employees on new software (Option B), and
focusing on aesthetic enhancements (Option D) are unrelated to mitigating the risk of power disruptions and ensuring the continued
operation of IT systems.

71. A healthcare provider manages multiple clinics and hospitals, each generating and accessing large volumes of patient data. The
provider is implementing a data replication strategy to enhance data resilience. What are critical factors to consider in this data
replication strategy? (SELECT TWO)

A. Ensuring that all data is replicated to a single, centralized location for easy access

B. Regularly testing failover processes to ensure seamless data access in case of a primary site failure

C. Implementing strong encryption for replicated data to maintain con dentiality and compliance

D. Using a uniform data format across all replicated data to simplify data management

In implementing a data replication strategy for a healthcare provider managing multiple clinics and hospitals, critical factors to
consider include regularly testing failover processes to ensure seamless data access in case of a primary site failure (B) and
implementing strong encryption for replicated data to maintain con dentiality and compliance (C). Regular failover testing is crucial
to verify that the replicated data can be accessed reliably and seamlessly when the primary data source is unavailable, ensuring
continuity of patient care. Strong encryption of replicated data is essential to protect patient con dentiality and comply with
healthcare regulations, as healthcare data is often sensitive and subject to strict privacy standards. Replicating data to a single,
centralized location (A) is not always advisable due to risks associated with having a single point of failure. Using a uniform data
format (D) can be bene cial for data management but is not as critical as ensuring data availability and security. Therefore, the
correct factors to focus on are B) Regularly testing failover processes and C) Implementing strong encryption for replicated data.

72. As part of a recurring risk assessment, the IT security team at GlobalTech Inc. has noticed an increasing trend in social
engineering attacks targeting their employees. What should be the team's primary focus to effectively manage this risk in their next
assessment cycle?

A. Implementing stricter access controls for sensitive data.

B. Reviewing and updating the company's security awareness training program.

C. Upgrading the physical security measures at the of ce premises.

D. Conducting a comprehensive review of network security protocols.

In the context of recurring risk assessments, it's important to focus on evolving threats and adapt strategies accordingly. While
implementing stricter access controls (Option A) and reviewing network security protocols (Option D) are important, they do not
directly address the risk of social engineering attacks. Upgrading physical security measures (Option C) is also less relevant to social
engineering. The primary focus should be on reviewing and updating the company's security awareness training program (Option B).
Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, making it crucial to ensure employees are
well-informed and vigilant. An effective training program should educate employees about the latest social engineering tactics, how
to recognize them, and the appropriate steps to take when confronted with a potential attack. This proactive approach is key to
managing the identi ed risk in a recurring risk assessment framework.

73. GlobalTech Inc. identi es several vulnerabilities in their network infrastructure. Due to various constraints, immediate patching is
not possible for some vulnerabilities. Which TWO of the following compensating controls should GlobalTech Inc. prioritize to manage
these vulnerabilities effectively? (SELECT TWO)

A. Implement strict access controls to limit exposure to the vulnerable systems.

B. Increase cybersecurity training for all employees to avoid potential exploits.

C. Utilize virtual patching technologies to provide temporary protection.

D. Upgrade all hardware to the latest models to mitigate vulnerabilities.

When immediate patching of vulnerabilities is not feasible, implementing effective compensating controls is crucial for managing the
associated risks. Option A, implementing strict access controls, is a key strategy for limiting exposure to the vulnerable systems. By
restricting who can access these systems and under what conditions, the likelihood of exploitation is reduced. Option C, utilizing
virtual patching technologies, provides temporary protection against known vulnerabilities. Virtual patching can shield the vulnerable
systems from exploits until actual patches are applied. This approach is especially useful for zero-day vulnerabilities or when patches
are delayed. Option B, increasing cybersecurity training, is important for overall security awareness but does not directly address the
vulnerabilities in the network infrastructure. Option D, upgrading all hardware, may not be a practical or relevant solution for
software vulnerabilities and can be resource-intensive.

74. A cybersecurity team in a medium-sized enterprise has automated its patch management process to enhance security. However,
during the last update cycle, several critical systems experienced downtime due to incompatible patches. What is the MOST likely
cause of this issue, considering the automated patch management system?

A. The cybersecurity team's failure to manually test each patch before deployment.

B. The automated system was not con gured to account for system compatibility checks.

C. Inadequate network bandwidth during the patch deployment process.

D. Lack of coordination with the vendor providing the patches.

The most likely cause of the downtime experienced during the automated patch management process is that the system was not
con gured to perform compatibility checks before applying patches to critical systems. Automation in patch management is
intended to improve ef ciency, but it must be con gured to consider the unique requirements and con gurations of each system to
prevent compatibility issues. While manual testing of each patch (option A) and coordination with vendors (option D) are important,
these do not directly address the need for automated compatibility checks. Inadequate network bandwidth (option C) might cause
delays but is less likely to result in compatibility issues.

75. A network administrator at DataGuard Solutions observes repeated false positive alerts from the intrusion detection system (IDS)
regarding a speci c network traf c pattern. The traf c is related to a new collaboration tool recently deployed in the organization. In
light of these ndings, what action should DataGuard Solutions take to enhance the accuracy of their IDS?

A. Completely disable the IDS to avoid future false positives.

B. Analyze the network traf c pattern and adjust the IDS rules to accommodate the legitimate traf c.

C. Replace the IDS with a different security solution.

D. Instruct employees to stop using the new collaboration tool.

In this scenario, the IDS is generating false positives due to its inability to distinguish between malicious and legitimate network
traf c from the new collaboration tool. The appropriate action is to analyze the speci c network traf c pattern associated with the
tool and adjust the IDS rules accordingly. This might involve creating exceptions, modifying detection criteria, or updating the IDS's
signature database to recognize the traf c as benign. This ne-tuning process helps improve the accuracy of the IDS, reducing the
occurrence of false positives while maintaining its effectiveness in detecting genuine threats. Option A, disabling the IDS,
compromises network security. Option C, replacing the IDS, is unnecessary if the issue can be resolved through con guration
changes. Option D, instructing employees to stop using the tool, is impractical and does not address the root cause of the false
positives.

76. Which log entry may indicate exploitation of system vulnerabilities?

2023-04-20T08 30 00.123Z INFO ApplicationServer - User 'jdoe' initiated login process from IP: 172.16.254.1
2023-04-20T08 30 05.456Z INFO ApplicationServer - User 'jdoe' successfully authenticated.
2023-04-20T08 32 22.789Z WARN ApplicationServer - Unexpected input validation failure in module 'PaymentProcessor'.
2023-04-20T08 33 15.012Z ERROR ApplicationServer - System exception occurred: stack over ow exception in module
'PaymentProcessor'.
2023-04-20T08 35 00.678Z INFO ApplicationServer - New user 'tempUser' created by 'admin'.
2023-04-20T08 36 45.901Z INFO ApplicationServer - User 'tempUser' initiated login process from IP: 203.0.113.42
2023-04-20T08 37 00.345Z INFO ApplicationServer - User 'tempUser' assigned role 'Administrator' by 'admin'.
2023-04-20T08 39 15.678Z ALERT ApplicationServer - Multiple failed login attempts for user 'admin' from IP: 198.51.100.7
2023-04-20T08 41 30.123Z WARN ApplicationServer - Unusual activity: High volume of data requests by user 'tempUser'.
2023-04-20T08 43 00.456Z ALERT ApplicationServer - Outbound traf c spike detected.
2023-04-20T08 45 30.789Z INFO ApplicationServer - User 'jdoe' initiated logout process.

A. 2023-04-20T08 32 22.789Z WARN ApplicationServer - Unexpected input validation failure in module 'PaymentProcessor'.

B. 2023-04-20T08 30 05.456Z INFO ApplicationServer - User 'jdoe' successfully authenticated.

C. 2023-04-20T08 37 00.345Z INFO ApplicationServer - User 'tempUser' assigned role 'Administrator' by 'admin'.

D. 2023-04-20T08 36 45.901Z INFO ApplicationServer - User 'tempUser' initiated login process from IP: 203.0.113.42

An unexpected input validation failure followed by a system exception in the 'PaymentProcessor' module suggests a vulnerability that
may have been exploited.

77. A large corporation is enhancing its identity and access management (IAM) system by implementing a robust attestation process.
Which TWO of the following measures should the corporation include to ensure the effectiveness of the attestation process?
(SELECT TWO)

A. Automating the attestation process to eliminate human error.

B. Requiring periodic attestation by immediate supervisors or managers.

C. Implementing strict penalties for non-compliance with the attestation process.

D. Integrating attestation with real-time access monitoring systems.

Requiring periodic attestation by immediate supervisors or managers (Option B) is crucial for ensuring that access rights are
regularly reviewed and con rmed by those with direct knowledge of the employees' roles and responsibilities. This helps maintain
appropriate access levels. Integrating attestation with real-time access monitoring systems (Option D) allows for a more dynamic and
responsive approach to managing access rights, as any discrepancies or unauthorized access can be quickly identi ed and addressed.
While automating the attestation process (Option A) can improve ef ciency, it is not a substitute for the informed judgment of
supervisors or managers. Implementing strict penalties for non-compliance (Option C) may enforce adherence but does not directly
contribute to the effectiveness of the attestation process itself.

78. During a passive security assessment, a team observes that an organization's employees frequently leave their workstations
unlocked when away from their desks. What should be the organization's immediate focus to mitigate the risk of unauthorized access
and data breaches?

A. Implementing an automatic screen lock policy for inactive workstations.

B. Upgrading the physical security of the of ce premises.

C. Installing more advanced antivirus software on all workstations.

D. Conducting a comprehensive network security audit.

A passive security assessment involves observing and analyzing security practices without actively intervening. The observation of
employees leaving their workstations unlocked poses a signi cant security risk. The most direct and effective action to mitigate this
risk is to implement an automatic screen lock policy for inactive workstations (Option A). This policy ensures that workstations are
automatically locked after a period of inactivity, preventing unauthorized access. Upgrading physical security (Option B) and
installing advanced antivirus software (Option C) are important security measures but do not address the speci c issue of
unattended, unlocked workstations. Conducting a network security audit (Option D) is bene cial for overall security but is a broader
approach that does not speci cally target workstation security practices.

79. DataSecure Inc. operates in a highly regulated industry and is currently evaluating a vulnerability in their data processing system.
The vulnerability itself is of moderate severity, but the system processes sensitive customer information. Considering environmental
variables, such as regulatory compliance and data sensitivity, how should DataSecure Inc. prioritize the remediation of this
vulnerability?

A. Prioritize the vulnerability as high due to the sensitive nature of the data and regulatory requirements.

B. Treat the vulnerability as low priority because the inherent severity is moderate.

C. Delay the remediation until a more severe vulnerability is identi ed.

D. Focus on training employees to handle sensitive data more securely.

In vulnerability management, environmental variables play a crucial role in determining the prioritization of vulnerabilities. In this
scenario, despite the moderate inherent severity of the vulnerability, the fact that the system processes sensitive customer
information in a highly regulated industry elevates its priority. The potential for regulatory non-compliance and the high impact of a
data breach involving sensitive information warrant treating this vulnerability with high priority. Remediation should be expedited to
mitigate risks related to data exposure and regulatory penalties. Option B, treating the vulnerability as low priority, disregards the
critical environmental factors. Option C, delaying remediation, is risky given the sensitive data involved. Option D, focusing on
employee training, is important but does not address the immediate technical vulnerability.

80. What part of the email violates common email security best practices and should raise suspicion?

From: IT-Support@examplecorp.com
To: employees@examplecorp.com
Date: April 22, 2023, 09 15
Subject: Urgent: Email Server Update

Dear Employee,

We are conducting an unexpected but necessary update to our email servers due to recent security threats. To ensure the continuity
of your email services, please click on the link below to con rm your account details:

http://examplecorp-update.com/login

Your prompt action is required to avoid any disruption to your service.

Best regards,
IT Support Team
ExampleCorp

Note: Please do not respond to this email.

A. The inclusion of a direct link to a login page.

B. The signature "IT Support Team."

C. The statement about conducting an "unexpected" update.

D. The email being sent to all employees.

It is against best practices for IT departments to include direct links to login pages in emails, especially for actions involving sensitive
account details. Employees should be instructed to navigate to the company website or portal independently to perform such
updates.

81. A security analyst is reviewing packet captures from the network perimeter and observes multiple packets with a source port of
20 and a destination port of 80, originating from an external IP address. The packets contain payload data that appears to be
executable code. Considering the ports involved and the nature of the payload, what is the MOST likely explanation for this traf c?

A. It is routine FTP data transfer from an external source.

B. The network is experiencing a DDoS attack from the external IP address.

C. There is an attempt to exploit a vulnerability on the web server.

D. The packets are part of normal web browsing traf c.

The key indicators in this scenario are the unusual combination of source port 20 (commonly used for FTP data) and destination port
80 (used for HTTP traf c), along with the executable code in the payload. This suggests an attempt to exploit a vulnerability on a web
server (port 80) using packets disguised as FTP data (port 20), potentially to execute malicious code. Routine FTP data transfer
(Option A) would typically involve different destination ports associated with FTP. A DDoS attack (Option B) would likely involve a
ood of traf c, not necessarily packets with executable code payloads. Normal web browsing traf c (Option D) does not typically
originate from port 20 and would not contain executable code payloads.

82. An organization stores hashed passwords for user authentication in its database. When users log in, their password inputs are
hashed and compared with the stored hash values. What is the primary security advantage of storing hashed passwords instead of
plain text passwords?

A. It simpli es the user login process.

B. It ensures that passwords are not easily readable if the database is compromised.

C. It allows users to recover their passwords if forgotten.

D. It automatically updates passwords on a regular basis.

Storing hashed passwords in a database, as opposed to plain text passwords, provides a signi cant security advantage in user
authentication systems. Hashing transforms the passwords into unique hash values, which are xed-size strings that do not reveal
the original password. In the event that the database is compromised, the hashed passwords are not easily readable or reversible to
their original form. This means that even if an attacker gains access to the database, they cannot easily obtain the actual passwords of
the users. Hashing thus adds a layer of security by protecting user passwords from being exposed in their readable form, signi cantly
reducing the risk of password-based attacks and enhancing the overall security of the user authentication process.

83. A cybersecurity team in a multinational corporation is conducting a tabletop exercise to simulate a ransomware attack on their
network. The exercise involves various departments, including IT, legal, and public relations. What is the PRIMARY objective of
including these diverse departments in the tabletop exercise?

A. To ensure that each department understands their speci c technical roles in mitigating the attack.

B. To assess the overall readiness of the organization to respond to a cyber incident collaboratively.

C. To determine the effectiveness of the existing communication channels between different departments.

D. To provide an opportunity for technical staff to train non-technical employees on cybersecurity best practices.

The primary objective of conducting a tabletop exercise with diverse departments is to assess the overall readiness of the
organization to respond to a cyber incident in a collaborative and coordinated manner (Option B). This type of exercise allows
participants from different functional areas to understand their roles, responsibilities, and interactions during a cyber incident,
thereby testing the organization's collective response capabilities. While understanding speci c roles (Option A) and communication
effectiveness (Option C) are important aspects of the exercise, they are secondary to the broader goal of assessing collaborative
readiness. Training non-technical employees (Option D) is not the main focus of a tabletop exercise, which is more about scenario-
based strategy and decision-making.

84. A healthcare organization adheres to the principle of least privilege in managing access to patient records. However, during an
internal audit, it is discovered that several administrative staff members have access to all patient records, regardless of their speci c
job requirements. What is the MOST likely cause of this violation of the least privilege principle?

A. The organization's role-based access control system is not properly con gured.

B. Administrative staff are sharing their access credentials with each other.

C. The organization lacks a policy on regular review of access rights.

D. The electronic health record system has a default setting granting full access to all users.

The most likely cause of the violation of the least privilege principle, where administrative staff have access to all patient records, is
that the organization's role-based access control system is not properly con gured (Option A). In a properly implemented least
privilege environment, access should be limited to what is necessary for each individual's role. If the access control system is not
con gured to re ect these role-speci c requirements accurately, it can result in broader access than necessary. Options B, C, and D
could be contributing factors but do not directly address the core issue of access control con guration.

85. A corporate of ce has integrated various IoT devices, including smart locks, thermostats, and printers, into its network for
enhanced ef ciency and monitoring. The IT department is tasked with ensuring the security of these devices to prevent
unauthorized access and data leakage. What hardening measure is MOST critical for securing these corporate IoT devices?

A. Isolating IoT devices on a separate network VLAN to restrict access from the main corporate network.

B. Installing antivirus software on each IoT device to protect against malware and viruses.

C. Implementing biometric authentication for accessing all IoT devices within the of ce.

D. Conducting regular security training sessions for employees on IoT device usage.

The most critical hardening measure for securing corporate IoT devices is isolating them on a separate network VLAN (A). This
network segmentation effectively limits the IoT devices' exposure to the main corporate network, reducing the risk of unauthorized
access and potential data leakage. It also prevents IoT devices from becoming entry points for attackers targeting the corporate
network. While installing antivirus software (B) is generally not feasible for most IoT devices, implementing biometric authentication
(C) might not be applicable for all devices and does not address network-level security. Regular security training (D) is important for
employee awareness but does not provide a direct technical measure to secure the IoT devices.

86. During a security audit of a web application, it is discovered that default credentials for an administrative account have not been
changed, leaving the application vulnerable to unauthorized access. This nding is an example of which type of vulnerability?

A. Credential Exposure

B. Miscon guration

C. Insecure Direct Object References

D. Cross-Site Scripting (XSS)

The nding of default credentials for an administrative account not being changed is an example of a Miscon guration vulnerability.
Miscon guration involves the improper setup or con guration of systems, applications, or security controls. In this scenario, the
failure to change default credentials, a basic security practice, created a vulnerability that could be exploited for unauthorized access.
Credential Exposure (Option A) involves exposing sensitive login details, Insecure Direct Object References (Option C) refer to
accessing objects without proper authorization checks, and Cross-Site Scripting (XSS) (Option D) involves injecting malicious scripts
into web pages, which are different from the issue of miscon guration.

87. A security analyst observes that several company workstations have become part of a botnet. Further investigation reveals that
the workstations were compromised through an unpatched vulnerability in the operating system, which allowed remote code
execution. Which of the following actions would have been most effective in preventing this compromise?

A. Implementing application whitelisting

B. Regularly updating antivirus software

C. Applying operating system security patches

D. Enforcing strong user authentication

The scenario indicates that the workstations were compromised through an unpatched vulnerability in the operating system,
allowing remote code execution. The most effective action to prevent this type of compromise is applying operating system security
patches (Option C). Regularly patching the OS ensures that known vulnerabilities are xed, reducing the risk of exploitation by
attackers. While implementing application whitelisting (Option A), regularly updating antivirus software (Option B), and enforcing
strong user authentication (Option D) are important security measures, they would not directly address the speci c issue of an
unpatched OS vulnerability leading to the workstations becoming part of a botnet.

88. An online retail platform experienced a major service outage during a peak shopping season. The outage was caused by a
Distributed Denial of Service (DDoS) attack that overwhelmed the site's servers with a massive amount of traf c. The attack was not
accompanied by any ransom demands or data theft. What is the most likely motivation behind this service disruption?

A. Financial gain through ransomware deployment

B. Corporate sabotage by a competing business

C. Ideological protest by a hacktivist group

D. Service disruption for disruption's sake

The scenario describes a DDoS attack that led to a service outage without any accompanying ransom demands or data theft, which
suggests the primary motive was to disrupt service for its own sake (Option D). This type of attack is often carried out to cause
inconvenience and damage the reputation of the target, rather than for nancial gain (Option A), corporate sabotage (Option B), or
ideological protest (Option C). The lack of a ransom demand or theft of data indicates that the attackers' goal was likely just to create
disruption and chaos.

89. To improve password security, a university plans to provide a password manager for faculty and staff. Which TWO of the
following best practices should the university prioritize when implementing and using the password manager? (SELECT TWO)

A. Ensuring that the password manager uses strong encryption to protect stored passwords.

B. Training faculty and staff on creating and remembering complex passwords without the password manager.

C. Educating faculty and staff on the importance of using a strong, unique master password for the password manager.

D. Requiring faculty and staff to store all personal passwords in the password manager as well as work-related ones.

Ensuring that the password manager uses strong encryption to protect stored passwords (Option A) is crucial for maintaining the
security of the passwords. Strong encryption prevents unauthorized access and ensures that even if there is a breach, the passwords
remain secure. Educating faculty and staff on the importance of using a strong, unique master password for the password manager
(Option C) is vital. The master password is the key to accessing all stored passwords, so it needs to be particularly secure and unique
to prevent unauthorized access to the password manager. Option B is not as relevant because the purpose of using a password
manager is to avoid the need to remember complex passwords. Requiring faculty and staff to store personal passwords (Option D) is
not typically a best practice, as personal and work-related passwords should generally be kept separate for security and privacy
reasons.

90. An organization's email security system automatically quarantines a batch of emails that are suspected of containing phishing
links. Upon manual review, the IT team nds that some of these emails are legitimate business communications. What is the MOST
likely reason for this misclassi cation, and what action should the organization take to prevent such occurrences in the future?

A. Inadequate spam lters; update the email security system's spam lter settings

B. Overly aggressive quarantine settings; ne-tune the email security system's heuristics

C. Lack of user training; conduct a phishing awareness training program

D. Malfunctioning antivirus software; replace the antivirus solution

The misclassi cation of legitimate emails as phishing attempts is most likely due to overly aggressive quarantine settings in the email
security system. The system's heuristics or rules may be set too strictly, causing false positives. The organization should ne-tune
these settings to strike a better balance between security and usability, reducing the likelihood of legitimate emails being incorrectly
quarantined. Options A (Inadequate spam lters) and D (Malfunctioning antivirus software) are less likely causes of this speci c issue.
Option C (Lack of user training) is important for overall phishing awareness but does not address the technical aspect of the
misclassi cation.

Reach Us
Wishlist
Is there a certi cation practice you
The CertPreps Team would love to see here? Drop it in the

info@certpreps.com
Wishlist!

Enter a certi cation practice you w

21,902 Members 0 of 20 max characters.

Wish it!

© 2024 CertPreps | All Rights Reserved | We do not provide exam dumps and fully discourage the use of such.