Uploaded by Mphatso Mwale

questions

724. A security team has been alerted to a flood of incoming emails that have various
subject lines and are addressed to multiple email inboxes. Each email contains a URL
shortener link that is redirecting to a dead domain. Which of the following is the best
step for the security team to take?




A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole. Most Voted
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.
726. A data administrator is configuring authentication for a SaaS application and would
like to reduce the number of credentials employees need to maintain. The company
prefers to use domain credentials to access new SaaS applications. Which of the
following methods would allow this functionality?




A. SSO
B. LEAP
C. MFA
D. PEAP
Most Voted A
728. Which of the following would be best suited for constantly changing environments?




A. RTOS
B. Containers Most Voted
C. Embedded systems
D. SCADA
729. A newly identified network access vulnerability has been found in the OS of legacy
IoT devices. Which of the following would best mitigate this vulnerability quickly?




A. Insurance
B. Patching
C. Segmentation Most Voted
D. Replacement
730. The local administrator account for a company’s VPN appliance was unexpectedly
used to log in to the remote management interface. Which of the following would have
prevented this from happening?


A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Implementing multifactor authentication Most Voted
731. SIMULATION You are a security administrator investigating a potential infection on a
network.
INSTRUCTIONS
Click on each host and firewall. Review all logs to determine which host originated the infection and
then identify if each remaining host is clean or infected.
732. Which of the following describes the exploitation of an interactive process to gain
access to restricted areas?




A. Persistence
B. Port scanning
C. Privilege escalation
D. Pharming
Most Voted C
733. SIMULATION
A company recently added a DR site and is redesigning the network. Users at the DR site are
having issues browsing websites.
INSTRUCTIONS
Click on each firewall to do the following:
1. Deny cleartext web traffic.
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
734. DRAG DROP
A data owner has been tasked with assigning proper data classifications and destruction methods
for various types of data contained within the environment.
735. A security analyst is assessing several company firewalls. Which of the following
tools would the analyst most likely use to generate custom packets to use during the
assessment?




A. hping Most Voted
B. Wireshark
C. PowerShell
D. netstat
736. A local business was the source of multiple instances of credit card theft.
Investigators found that most payments at this business were made at self-service
kiosks. Which of the following is the most likely cause of the exposed credit card
information?





A. Insider threat
B. RAT
C. Backdoor
D. Skimming
E. NFC attack
Most Voted D
737. An employee recently resigned from a company. The employee was responsible
for managing and supporting weekly batch jobs over the past five years. A few weeks
after the employee resigned, one of the batch jobs failed and caused a major disruption.
Which of the following would work best to prevent this type of incident from reoccurring?




A. Job rotation Most Voted
B. Retention
C. Outsourcing
D. Separation of duties
738. Following a recent security breach, an analyst discovered that user permissions
were added when joining another part of the organization but were not removed from
existing groups. Which of the following policies would help to correct these issues in the
future?




A. Service accounts
B. Account audits Most Voted
C. Password complexity
D. Lockout policy
739. Which of the following ensures an organization can continue to do business with
minimal interruption in the event of a major disaster?




A. Business recovery plan
B. Incident response plan
C. Communication plan
D. Continuity of operations plan Most Voted
740. In a rush to meet an end-of-year business goal, the IT department was told to
implement a new business application. The security engineer reviews the attributes of
the application and decides the time needed to perform due diligence is insufficient from
a cybersecurity perspective. Which of the following BEST describes the security
engineer's response?




A. Risk tolerance
B. Risk acceptance Most Voted
C. Risk importance
D. Risk appetite
742. A company wants to reconfigure an existing wireless infrastructure. The company
needs to ensure the projected WAP placement will provide proper signal strength to all
workstations. Which of the following should the company use to best fulfill the
requirements?




A. Network diagram
B. WPS
C. 802.1X
D. Heat map Most Voted
743. DRAG DROP
A data owner has been tasked with assigning proper data classifications and destruction
methods for various types of data contained within the environment.
745. An enterprise has hired an outside security firm to conduct penetration testing on
its network and applications. The firm has been given all the developer’s documentation
about the internal architecture. Which of the following best represents the type of testing
that will occur?



A. Bug bounty
B. White-box
C. Black-box
D. Gray-box
746. Which of the following are the most likely vectors for the unauthorized or
unintentional inclusion of vulnerable code in a software company’s final software
releases? (Choose two).






A. Certificate mismatch
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries Most Voted
E. Vendors/supply chain Most Voted
F. Outdated anti-malware software
747. A hosting provider needs to prove that its security controls have been in place over
the last six months and have sufficiently protected customer data. Which of the following
would provide the best proof that the hosting provider has met the requirements?




A. NIST CSF
B. SOC 2 Type 2 report
C. CIS Top 20 compliance reports
D. Vulnerability report
748. Which of the following are common VoIP-associated vulnerabilities? (Choose two).






A. SPIM
B. Vishing
C. VLAN hopping
D. Phishing
E. DHCP snooping
F. Tailgating
749. A security administrator received an alert for a user account with the following log activity:
Which of the following best describes the trigger for the alert the administrator received?




A. Number of failed log-in attempts
B. Geolocation
C. Impossible travel time Most Voted
D. Time-based log-in attempt
750. Which of the following is a reason why a forensic specialist would create a plan to
preserve data after an incident and prioritize the sequence for performing forensic
analysis?




A. Order of volatility Most Voted
B. Preservation of event logs
C. Chain of custody
D. Compliance with legal hold
751. In which of the following scenarios is tokenization the best privacy technique to
use?


A. Providing pseudo-anonymization for social media user accounts
B. Serving as a second factor for authentication requests
C. Enabling established customers to safely store credit card information Most Voted
D. Masking personal information inside databases by segmenting data
752. A company develops a complex platform that is composed of a single application.
After several issues with upgrades, the systems administrator recommends breaking
down the application into unique, independent modules. Which of the following best
identifies the systems administrator's recommendation?




A. Virtualization
B. Serverless
C. Microservices Most Voted
D. API gateway
753. A systems administrator is auditing all company servers to ensure they meet the
minimum security baseline. While auditing a Linux server, the systems administrator
observes the /etc/shadow file has permissions beyond the baseline recommendation.
Which of the following commands should the systems administrator use to resolve this
issue?




A. chmod
B. grep
C. dd
D. password
754. A security team received the following requirements for a new BYOD program that
will allow employees to use personal smartphones to access business email:
• Sensitive customer data must be safeguarded.
• Documents from managed sources should not be opened in unmanaged destinations.
• Sharing of managed documents must be disabled.
• Employees should not be able to download emailed images to their devices.
• Personal photos and contact lists must be kept private.
• IT must be able to remove data from lost/stolen devices or when an employee no
longer works for the company.
Which of the following are the best features to enable to meet these requirements?
(Choose two.)






A. Remote wipe
B. VPN connection
C. Biometric authentication
D. Device location tracking
E. Geofencing
F. Application approve list
G. Containerization
755. Which of the following security controls can be used to prevent multiple people
from using a unique card swipe and being admitted to a secure entrance?




A. Visitor logs
B. Faraday cages
C. Access control vestibules Most Voted
D. Motion detection sensors
756. Which of the following cryptographic concepts would a security engineer utilize
while implementing non-repudiation? (Choose two.)






A. Block cipher
B. Hashing
C. Private key
D. Perfect forward secrecy
E. Salting
F. Symmetric keys
757. alrdy