SY0-601 Exam Questions - Online Test


Proper study for the CompTIA Security+ exam begins with CompTIA SY0-601 preparation products, which are designed to deliver the free SY0-601 questions and help you pass the SY0-601 test the first time. Try the free SY0-601 demo right now.

Free SY0-601 Demo Online for CompTIA Certification:

NEW QUESTION 1
Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot access the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?

  • A. DDoS
  • B. Man-in-the-middle
  • C. MAC flooding
  • D. Domain hijacking

Answer: A

NEW QUESTION 2
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must withstand a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

  • A. 1
  • B. 5
  • C. 6

Answer: B

NEW QUESTION 3
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

  • A. A non-disclosure agreement
  • B. Least privilege
  • C. An acceptable use policy
  • D. Offboarding

Answer: D

NEW QUESTION 4
A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

  • A. Upgrade the bandwidth available into the datacenter
  • B. Implement a hot-site failover location
  • C. Switch to a complete SaaS offering to customers
  • D. Implement a challenge response test on all end-user queries

Answer: B

NEW QUESTION 5
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
• The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to the IP
• The forged website's IP address appears to be 10.2.12.99, based on NetFlow records
• All three of the organization's DNS servers show the website correctly resolves to the legitimate IP
• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?

  • A. A reverse proxy was used to redirect network traffic
  • B. An SSL strip MITM attack was performed
  • C. An attacker temporarily pwned a name server
  • D. An ARP poisoning attack was successfully executed

Answer: B

NEW QUESTION 6
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

  • A. A RAT was installed and is transferring additional exploit tools.
  • B. The workstations are beaconing to a command-and-control server.
  • C. A logic bomb was executed and is responsible for the data transfers.
  • D. A fileless virus is spreading in the local network environment.

Answer: A

NEW QUESTION 7
A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:
• The solution must be inline in the network
• The solution must be able to block known malicious traffic
• The solution must be able to stop network-based attacks
Which of the following should the network administrator implement to BEST meet these requirements?

  • A. HIDS
  • B. NIDS
  • C. HIPS
  • D. NIPS

Answer: D

NEW QUESTION 8
A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

  • A. Corrective
  • B. Physical
  • C. Detective
  • D. Administrative

Answer: C

NEW QUESTION 9
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

  • A. PCI DSS
  • B. GDPR
  • C. NIST
  • D. ISO 31000

Answer: B

NEW QUESTION 10
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
[Exhibit]

  • A. Mastered
  • B. Not Mastered

Answer: A

NEW QUESTION 11
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?

  • A. Containerization
  • B. Geofencing
  • C. Full-disk encryption
  • D. Remote wipe

Answer: C

NEW QUESTION 12
An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

  • A. Document the collection and require a sign-off when possession changes.
  • B. Lock the device in a safe or other secure location to prevent theft or alteration.
  • C. Place the device in a Faraday cage to prevent corruption of the data.
  • D. Record the collection in a blockchain-protected public ledger.

Answer: A

NEW QUESTION 13
An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

  • A. Access to the organization's servers could be exposed to other cloud-provider clients
  • B. The cloud vendor is a new attack vector within the supply chain
  • C. Outsourcing the code development adds risk to the cloud provider
  • D. Vendor support will cease when the hosting platforms reach EOL.

Answer: B

NEW QUESTION 14
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?

  • A. Deploy an MDM solution.
  • B. Implement managed FDE.
  • C. Replace all hard drives with SEDs.
  • D. Install DLP agents on each laptop.

Answer: B

NEW QUESTION 15
An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?

  • A. TLS
  • B. PFS
  • C. ESP
  • D. AH

Answer: A

NEW QUESTION 16
A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

  • A. Segmentation
  • B. Containment
  • C. Geofencing
  • D. Isolation

Answer: A

NEW QUESTION 17
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?

  • A. Create consultant accounts for each region, each configured with push MFA notifications.
  • B. Create one global administrator account and enforce Kerberos authentication
  • C. Create different accounts for each region, limit their logon times, and alert on risky logins
  • D. Create a guest account for each region, remember the last ten passwords, and block password reuse

Answer: C

NEW QUESTION 18
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

  • A. Loss of proprietary information
  • B. Damage to the company’s reputation
  • C. Social engineering
  • D. Credential exposure

Answer: C

NEW QUESTION 19
A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets these requirements?

  • A. RAID 0+1
  • B. RAID 2
  • C. RAID 5
  • D. RAID 6

Answer: C

NEW QUESTION 20
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO’s concern? (Select TWO).

  • A. Geolocation
  • B. Time-of-day restrictions
  • C. Certificates
  • D. Tokens
  • E. Geotagging
  • F. Role-based access controls

Answer: AE
