SY0-601 Practice Test Questions

886 Questions


Topic 3: Exam Pool C

A security engineer has enabled two-factor authentication on all workstations. Which of the
following approaches are the MOST secure? (Select TWO).


A. Password and security question
B. Password and CAPTCHA
C. Password and smart card
D. Password and fingerprint
E. Password and one-time token
F. Password and voice

C. Password and smart card
D. Password and fingerprint



Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).


A. Testing security systems and processes regularly
B. Installing and maintaining a web proxy to protect cardholder data
C. Assigning a unique ID to each person with computer access
D. Encrypting transmission of cardholder data across private networks
E. Benchmarking security awareness training for contractors
F. Using vendor-supplied default passwords for system passwords

B. Installing and maintaining a web proxy to protect cardholder data
D. Encrypting transmission of cardholder data across private networks



A security analyst is running a vulnerability scan to check for missing patches during a
suspected security incident. During which of the following phases of the response process is
this activity MOST likely occurring?


A. Containment
B. Identification
C. Recovery
D. Preparation

B. Identification



A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?


A. OAuth
B. SSO
C. SAML
D. PAP

C. SAML



A forensics examiner is attempting to dump passwords cached in the physical memory of a
live system but keeps receiving an error message. Which of the following BEST describes
the cause of the error?


A. The examiner does not have administrative privileges to the system
B. The system must be taken offline before a snapshot can be created
C. Checksum mismatches are invalidating the disk image
D. The swap file needs to be unlocked before it can be accessed

A. The examiner does not have administrative privileges to the system



Which of the following types of controls is a CCTV camera that is not being monitored?


A. Detective
B. Deterrent
C. Physical
D. Preventive

B. Deterrent



A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause?


A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause

D. A log analysis



In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?


A. Identification
B. Preparation
C. Eradication
D. Recovery
E. Containment

E. Containment



An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance’s vulnerable state?


A. The system was configured with weak default security settings.
B. The device uses weak encryption ciphers.
C. The vendor has not supplied a patch for the appliance.
D. The appliance requires administrative credentials for the assessment.

C. The vendor has not supplied a patch for the appliance.



A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?


A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption

D. Weak encryption



A security analyst is preparing a threat for an upcoming internal penetration test. The
analyst needs to identify a method for determining the tactics, techniques, and procedures
of a threat against the organization’s network. Which of the following will the analyst MOST
likely use to accomplish the objective?


A. A tabletop exercise
B. NIST CSF
C. MITRE ATT&CK
D. OWASP

C. MITRE ATT&CK



Which of the following cloud models provides clients with servers, storage, and networks but nothing else?


A. SaaS
B. PaaS
C. IaaS
D. DaaS

C. IaaS



