SEC PLUS WRONG ANSWERS STUDY AGAIN
73 A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns?
A CASB An NG-SWG
161 Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of? A. AUP B. NDA C. SLA D. MOU
A. AUP
125 The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk? A. CASB B. VPN concentrator C. MFA D. VPC endpoint
A. CASB
137 After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time? A. CASB B. VPC C. SWG D. CMS
A. CASB
79 Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps? A. CVSS B. SIEM C. SOAR D. CVE
A. CVSS
127 A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file? A. Check the hash of the installation file. B. Match the file names. C. Verify the URL download location. D. Verify the code signing certificate.
A. Check the hash of the installation file.
118 A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal? A. Context-aware authentication B. Simultaneous authentication of equals C. Extensive authentication protocol D. Agentless network access control
A. Context-aware authentication
88 An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST? A. DLP B. Firewall rule C. Content filter D. MDM E. Application allow list
A. DLP
182 Which of the following is a known security risk associated with data archives that contain financial information? A. Data can become a liability if archived longer than required by regulatory guidance. B. Data must be archived off-site to avoid breaches and meet business requirements. C. Companies are prohibited from providing archived data to e-discovery requests. D. Unencrypted archives should be preserved as long as possible and encrypted.
A. Data can become a liability if archived longer than required by regulatory guidance.
180 A security analyst is reviewing web-application logs and finds the following log: Which of the following attacks is being observed? A. Directory traversal B. XSS C. CSRF D. On-path attack
A. Directory traversal
144 A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented? A. HTTP security header B. DNSSEC implementation C. SRTP D. S/MIME
A. HTTP security header
107 Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement? A. Implement proper network access restrictions. B. Initiate a bug bounty program. C. Classify the system as shadow IT. D. Increase the frequency of vulnerability scans.
A. Implement proper network access restrictions.
142 A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe? A. Insider threat B. Social engineering C. Third-party risk D. Data breach
A. Insider threat
152 A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?
A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.
179 Which of the following explains why RTO is included in a BIA? A. It identifies the amount of allowable downtime for an application or system. B. It prioritizes risks so the organization can allocate resources appropriately. C. It monetizes the loss of an asset and determines a break-even point for risk mitigation. D. It informs the backup approach so that the organization can recover data to a known time.
A. It identifies the amount of allowable downtime for an application or system.
168 A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation? A. Legal hold B. Chain of custody C. Data loss prevention D. Content filter
A. Legal hold
101 A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?
A. Logic bomb
52 An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior? A. Logic bomb B. Cryptomalware C. Spyware D. Remote access Trojan
A. Logic bomb
110 Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement? A. MOU B. ISA C. SLA D. NDA
A. MOU
105 Which of the following is assured when a user signs an email using a private key? A. Non-repudiation B. Confidentiality C. Availability D. Authentication
A. Non-repudiation
119 Which of the following secure coding techniques makes compromised code more difficult for hackers to use? A. Obfuscation B. Normalization C. Execution D. Reuse
A. Obfuscation
135 An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place? A. On-path attack B. Protocol poisoning C. Domain hijacking D. Bluejacking
A. On-path attack
164 Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent? A. Personal health information B. Personally identifiable information C. Tokenized data D. Proprietary data
A. Personal health information
116 Which of the following is an example of transference of risk? A. Purchasing insurance B. Patching vulnerable servers C. Retiring outdated applications D. Application owner risk sign-off
A. Purchasing insurance
55 A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device? A. SIEM correlation dashboards B. Firewall syslog event logs C. Network management solution login audit logs D. Bandwidth monitors and interface sensors
A. SIEM correlation dashboards
93 A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company? A. SaaS B. IaaS C. PaaS D. SDN
A. SaaS
121 A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose? A. Service B. Shared C. Generic D. Admin
A. Service
108 Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change? A. The business continuity plan B. The retention policy C. The disaster recovery plan D. The incident response plan
A. The business continuity plan
166 An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?
A. The required intermediate certificate is not loaded as part of the certificate chain.
112 The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe? A. Transference B. Avoidance C. Mitigation D. Acknowledgement
A. Transference
100 Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall? A. Transit gateway B. Cloud hot site C. Edge computing D. DNS sinkhole
A. Transit gateway
32 A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is theBEST remediation strategy? A. Update the base container Image and redeploy the environment. B. Include the containers in the regular patching schedule for servers. C. Patch each running container individually and test the application. D. Update the host in which the containers are running.
A. Update the base container Image and redeploy the environment.
141 A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements? A. User certificate B. Self-signed certificate C. Computer certificate D. Root certificate
A. User certificate
109 While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor? A. Utilizing SIEM correlation engines B. Deploying Netflow at the network border C. Disabling session tokens for all sites D. Deploying a WAF for the web server
A. Utilizing SIEM correlation engines
145 A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by: A. employees of other companies and the press. B. all members of the department that created the documents. C. only the company's employees and those listed in the document. D. only the individuals listed in the documents.
A. employees of other companies and the press.
102 Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key.
A. the sender's private key and decrypted with the sender's public key
114 DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect's requirements?
An orchestration solution that can adjust scalability of cloud assets Most Voted
146 Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?
Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.
49 An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC? A. Reimage the impacted workstations. B. Activate runbooks for incident response. C. Conduct forensics on the compromised system. D. Conduct passive reconnaissance to gather information.
B. Activate runbooks for incident response.
53 A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT? A. Review how the malware was introduced to the network. B. Attempt to quarantine all infected hosts to limit further spread. C. Create help desk tickets to get infected systems reimaged. D. Update all endpoint antivirus solutions with the latest updates
B. Attempt to quarantine all infected hosts to limit further spread.
162 The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network? A. HIPS B. DLP C. HIDS D. EDR
B. DLP
94 Which of the following employee roles is responsible for protecting an organization's collected personal information? A. CTO B. DPO C. CEO D. DBA
B. DPO
61 Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Choose two.) A. Pass-the-hash B. Directory traversal C. SQL injection D. Privilege escalation E. Cross-site scripting F. Request forgery
B. Directory traversal D. Privilege escalation
172 A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place? A. Input validation B. Dynamic code analysis C. Fuzzing D. Manual code review
B. Dynamic code analysis
68 Which of the following uses SAML for authentication? A. TOTP B. Federation C. Kerberos D. HOTP
B. Federation
139 A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?
B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
159 A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?
B. Generator
136 A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company? A. Private cloud B. Hybrid environment C. Managed security service provider D. Hot backup sit
B. Hybrid environment
71 A security analyst has been asked by the Chief Information Security Officer to:✑ develop a secure method of providing centralized management of infrastructure✑ reduce the need to constantly replace aging end user machines✑ provide a consistent user desktop experienceWhich of the following BEST meets these requirements? A. BYOD B. Mobile device management C. VDI D. Containerization
B. Mobile device management
85 Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?
B. Mobile device management
65 A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack atLayer 7? (Choose two.) A. HIDS B. NIPS C. HSM D. WAF E. NAC F. NIDS
B. NIPS D. WAF
82 Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue? A. Complexity requirements B. Password history C. Acceptable use policy D. Shared accounts
B. Password history
140 A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior? A. Rainbow table attack B. Password spraying C. Logic bomb D. Malware bot
B. Password spraying
173 Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts? A. Smart card B. Push notifications C. Attestation service D. HMAC-based E. one-time password
B. Push notifications
115 Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities? A. EOL B. SLA C. MOU D. EOSL
B. SLA
99 A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring?
B. SQLi attack
160 Which of the following would be the BEST way to analyze diskless malware that has infected a VDI? A. Shut down the VDI and copy off the event logs. B. Take a memory snapshot of the running system. C. Use NetFlow to identify command-and-control IPs. D. Run a full on-demand scan of the root volume.
B. Take a memory snapshot of the running system.
132 During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning? A. The forensic investigator forgot to run a checksum on the disk image after creation. B. The chain of custody form did not note time zone offsets between transportation regions. C. The computer was turned off, and a RAM image could not be taken at the same time. D. The hard drive was not properly kept in an antistatic bag when it was moved.
B. The chain of custody form did not note time zone offsets between transportation regions.
111 The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement? A. DLP B. USB data blocker C. USB OTG D. Disabling USB ports
B. USB data blocker
165 A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor? A. Shadow IT B. Script kiddies C. APT D. Insider threat
C. APT
175 The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour? A. Password complexity B. Acceptable use C. Access control D. Clean desk
C. Access control
129 Which of the following would BEST provide detective and corrective controls for thermal regulation? A. A smoke detector B. A fire alarm C. An HVAC system D. A fire suppression system E. Guards
C. An HVAC system
74 An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized? A. MDM and application management B. BYOD and containers C. COPE and VDI D. CYOD and VMs
C. COPE and VDI
151 A SOC operator is analyzing a log file that contains the following entries: Which of the following explains these log entries? A. SQL injection and improper input-handling attempts B. Cross-site scripting and resource exhaustion attempts C. Command injection and directory traversal attempts D. Error handling and privilege escalation attempts
C. Command injection and directory traversal attempts
120 As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment? A. User behavior analysis B. Packet captures C. Configuration reviews D. Log analysis
C. Configuration reviews
97 Which of the following should be monitored by threat intelligence researchers who search for leaked credentials? A. Common Weakness Enumeration B. OSINT C. Dark web D. Vulnerability databases
C. Dark web
126 A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect? A. Data in transit B. Data in processing C. Data at rest D. Data tokenization
C. Data at rest
184 A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing
C. Hybrid cloud F. Fog computing
50 An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritizeFIRST? A. Low FAR B. Low efficacy C. Low FRR D. Low CER
C. Low FRR
104 The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO? A. GDPR compliance attestation B. Cloud Security Alliance materials C. SOC 2 Type 2 report D. NIST RMF workbooks
C. SOC 2 Type 2 report
113 Which of the following is a risk that is specifically associated with hosting applications in the public cloud? A. Unsecured root accounts B. Zero-day C. Shared tenancy D. Insider threat
C. Shared tenancy
148 A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements? A. Red-team exercise B. Capture-the-flag exercise C. Tabletop exercise D. Phishing exercise
C. Tabletop exercise
163 On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized? A. Shoulder surfing B. Watering-hole attack C. Tailgating D. Impersonation
C. Tailgating
143 A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?
C. Use containerization to segment the application from other applications to eliminate the risk.
174 A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement? A. Intranet B. Screened subnet C. VLAN segmentation D. Zero Trust
C. VLAN segmentation
83 A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task? A. nmap -pl-65535 192.168.0.10 B. dig 192.168.0.10 C. curl --head http://192.168.0.10 D. ping 192.168.0.10
C. curl --head http://192.168.0.10
147 A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?
Check the metadata in the email header of the received path in reverse order to follow the email's path.
54 During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network.In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
Command and control
67 An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the infection vector?
D. Block port 3389 inbound from untrusted networks.
81 A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use? A. Look for tampering on the evidence collection bag. B. Encrypt the collected data using asymmetric encryption. C. Ensure proper procedures for chain of custody are being followed. D. Calculate the checksum using a hashing algorithm.
D. Calculate the checksum using a hashing algorithm.
124 An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented? A. Compensating B. Corrective C. Preventive D. Detective
D. Detective
138 Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions? A. Recovery B. Deterrent C. Corrective D. Detective
D. Detective
46 An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement? A. Perform OSINT investigations. B. Subscribe to threat intelligence feeds. C. Submit RFCs. D. Implement a TAXII server.
D. Implement a TAXII server.
178 A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations? A. Non-compliance with data sovereignty rules B. Loss of the vendors interoperability support C. Mandatory deployment of a SIEM solution D. Increase in the attack surface
D. Increase in the attack surface
185 Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization? A. Asset management policy B. Separation of duties policy C. Acceptable use policy D. Job rotation policy
D. Job rotation policy
58 An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST? A. Test B. Staging C. Development D. Production
D. Production
63 A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique? A. Vishing B. Whaling C. Phishing D. Smishing
D. Smishing
131 An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status? A. Development B. Test C. Production D. Staging
D. Staging
33 An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five- year cost of the insurance policy. The organization is enabling risk: A. avoidance. B. acceptance. C. mitigation. D. transference.
D. Transference
96 After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of: A. privilege escalation. B. footprinting. C. persistence. D. pivoting.
D. pivoting.
134 A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?
DLP
133 An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions? A. FRR B. Difficulty of use C. Cost D. FAR E. CER
E. CER
69 The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?
Implement a SOAR with customizable playbooks
91 During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
Perform containment on the critical servers and resources.
59 An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?
Purchasing hardware from different vendors
176 A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:* Critical fileshares will remain accessible during and after a natural disaster.* Five percent of hard disks can fail at any given time without impacting the data.* Systems will be forced to shut down gracefully when battery levels are below 20%.Which of the following are required to BEST meet these objectives? (Choose three.)
Raid, UPS, Geographic Dispersal
181 A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. What is the MOST likely cause?
Security patches were uninstalled due to user impact.
128 A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP Address. Which of the following is the technician's BEST course of action?
Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.