Topic 2: Exam Pool B
A company has decided to move its operations to the cloud. It wants to utilize technology
that will prevent users from downloading company applications for personal use, restrict
data that is uploaded, and have visibility into which applications are being used across the
company. Which of the following solutions will BEST meet these requirements?
A. An NGFW
B. A CASB
C. Application whitelisting
D. An NG-SWG
A CASB
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming
Watering-hole attack
A security incident may have occurred on the desktop PC of an organization's Chief
Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely
to ensure appropriate forensic processes and the chain of custody are followed. Which of
the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
C. Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
D. Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence
Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
Explanation: “To obtain a forensically sound image from nonvolatile storage, you need to
ensure that nothing you do alters data or metadata (properties) on the source disk or file
system. A write blocker assures this process by preventing any data on the disk or volume
from being changed by filtering write commands at the driver and OS level. Data
acquisition would normally proceed by attaching the target device to a forensics
workstation or field capture device equipped with a write blocker.”
For reference, write blockers like this one are the most popular hardware blockers:
https://security.opentext.com/tableau/hardware/details/t8u
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Which of the following network attacks is the researcher MOST likely experiencing?
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
Man-in-the-middle
A user received an SMS on a mobile phone that asked for bank details. Which of the
following social-engineering techniques was used in this case?
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
Smishing
A network engineer notices the VPN concentrator becomes overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?
A. IPSec
B. Always On
C. Split tunneling
D. L2TP
Always On
The process of passively gathering information prior to launching a cyberattack is called:
A. tailgating
B. reconnaissance
C. pharming
D. prepending
reconnaissance
A remote user recently took a two-week vacation abroad and brought along a corporate-owned
laptop. Upon returning to work, the user has been unable to connect the laptop to
the VPN. Which of the following is the MOST likely reason for the user’s inability to connect
the laptop to the VPN? (Select TWO).
A. Due to foreign travel, the user’s laptop was isolated from the network.
B. The user’s laptop was quarantined because it missed the latest patch update.
C. The VPN client was blacklisted.
D. The user’s account was put on a legal hold.
Due to foreign travel, the user’s laptop was isolated from the network.
The user’s laptop was quarantined because it missed the latest patch update.
A security analyst is configuring a large number of new company-issued laptops. The
analyst received the following requirements:
• The devices will be used internationally by staff who travel extensively.
• Occasional personal use is acceptable due to the travel requirements.
• Users must be able to install and configure sanctioned programs and productivity suites.
• The devices must be encrypted.
• The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the
devices?
A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly
Configuring an always-on VPN
An end user reports a computer has been acting slower than normal for a few weeks.
During an investigation, an analyst determines the system is sending the user's email
address and a ten-digit number to an IP address once a day. The only recent log entry
regarding the user's computer is the following:
Which of the following is the MOST likely cause of the issue?
A. The end user purchased and installed a PUP from a web browser
B. A bot on the computer is brute forcing passwords against a website
C. A hacker is attempting to exfiltrate sensitive data
D. Ransomware is communicating with a command-and-control server.
The end user purchased and installed a PUP from a web browser
Which of the following would MOST likely support the integrity of a voting machine?
A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy
Perfect forward secrecy
Some laptops recently went missing from a locked storage area that is protected by
keyless RFID-enabled locks. There is no obvious damage to the physical space. The
security manager identifies who unlocked the door; however, human resources confirms
the employee was on vacation at the time of the incident. Which of the following describes
what MOST likely occurred?
A. The employee's physical access card was cloned.
B. The employee is colluding with human resources
C. The employee's biometrics were harvested
D. A criminal used lock picking tools to open the door.
The employee's physical access card was cloned.