Joe, a user at a company, clicked an email link led to a website that infected his
workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection. Which of the following should administrator implement to protect the environment from this malware?

A.

Install a definition-based antivirus.

B.

Implement an IDS/IPS

C.

Implement a heuristic behavior-detection solution.

D.

Implement CASB to protect the network shares.

A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

A.

Use email-filtering software and centralized account management, patch high-risk
systems, and restrict administration privileges on fileshares.

B.

Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

C.

Invest in end-user awareness training to change the long-term culture and behavior of
staff and executives, reducing the organization's susceptibility to phishing attacks.

D.

Implement application whitelisting and centralized event-log management, and perform
regular testing and validation of full backups.

A cybersecurity manager has scheduled biannual meetings with the IT team and
department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?

A.

Dveloping an incident response plan

B.

Building a disaster recovery plan

C.

Conducting a tabletop exercise

D.

Running a simulation exercise

A security analyst is logged into a Windows file server and needs to see who is accessing
files and from which computers Which of the following tools should the analyst use?

A.

netstt

B.

net share

C.

netcat

D.

nbtstat

E.

net session

A security analyst needs to determine how an attacker was able to use User3 to gain a
foothold within a company's network. The company's lockout policy requires that an
account be locked out for a minimum of 15 minutes after three unsuccessful attempts.
While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?
A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force
Which of the following attacks MOST likely occurred?

A.

Dictionary

B.

Credential-stuffing

C.

Password-spraying

D.

Brute-force

Which of the following relets to applications and systems that are used within an
organization without consent or approval?

A.

Shadow IT

B.

ONT

C.

Dark web

D.

 Insider threats

A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

A security administrator currently spends a large amount of time on common security tasks, such aa report generation, phishing investigations, and user provisioning and
deprovisioning This prevents the administrator from spending time on other security
projects. The business does not have the budget to add more staff members. Which of the
following should the administrator implement?

A.

A. DAC

B.

B. ABAC

C.

C. SCAP

D.

SOAR

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site Upon investigation, a security analyst the identifies the following:
• The legitimate websites IP address is 10.1.1.20 and eRecruit local resolves to the IP
• The forged website's IP address appears to be 10.2.12.99. based on NetFtow records
• AH three at the organization's DNS servers show the website correctly resolves to the
legitimate IP
• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99
(cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?

A.

A reverse proxy was used to redirect network traffic

B.

An SSL strip MITM attack was performed

C.

An attacker temporarily pawned a name server

D.

An ARP poisoning attack was successfully executed

Which of the following scenarios BEST describes a risk reduction technique? 

A.

A security control objective cannot be met through a technical change, so the company
purchases insurance and is no longer concerned about losses from data breaches.

B.

A security control objective cannot be met through a technical change, so the company
implements a policy to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company
changes as method of operation

D.

A security control objective cannot be met through a technical change, so the Chief
Information Officer (CIO) decides to sign off on the risk.

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?

A.

SED

B.

HSM

C.

DLP

D.

TPM

A vulnerability assessment report will include the CVSS score of the discovered
vulnerabilities because the score allows the organization to better.

A.

validate the vulnerability exists in the organization's network through penetration testing

B.

research the appropriate mitigation techniques in a vulnerability database

C.

find the software patches that are required to mitigate a vulnerability

D.

prioritize remediation of vulnerabilities based on the possible impact.