SY0-601 Practice Test Questions

886 Questions


Topic 3: Exam Pool C

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing

Answer: D. Geofencing



A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

Answer: B. anonymize any PII that is observed within the IoC data.



A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

A. FDE
B. NIDS
C. EDR
D. DLP

Answer: C. EDR



A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Select TWO)

A. DNSSEC
B. Reverse proxy
C. VPN concentrator
D. PKI
E. Active Directory
F. RADIUS

Answer: E. Active Directory; F. RADIUS



Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.

Answer: A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.



A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would BEST meet the architect's objectives?

A. Trusted Platform Module
B. IaaS
C. HSMaaS
D. PaaS
E. Key Management Service

Answer: A. Trusted Platform Module



A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
• Mobile device OSs must be patched up to the latest release
• A screen lock must be enabled (passcode or biometric)
• Corporate data must be removed if the device is reported lost or stolen
Which of the following controls should the security engineer configure? (Select TWO)

A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing

Answer: D. Remote wipe; E. Full-device encryption



A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?

A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database

Answer: C. Hashing the credit card numbers upon entry



After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

A. The vulnerability scan output
B. The IDS logs
C. The full packet capture data
D. The SIEM alerts

Answer: A. The vulnerability scan output



An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

A. The vulnerability scan output
B. The security logs
C. The baseline report
D. The correlation of events

Answer: A. The vulnerability scan output



A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?

A. The scan results show open ports, protocols, and services exposed on the target host
B. The scan enumerated software versions of installed programs
C. The scan produced a list of vulnerabilities on the target host
D. The scan identified expired SSL certificates

Answer: B. The scan enumerated software versions of installed programs



When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

A. Tokenization
B. Data masking
C. Normalization
D. Obfuscation

Answer: C. Normalization



