01. A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository.
Which of the following will ensure the application is valid?
a) Ask the user to refresh the existing definition file for the antivirus software.
b) Perform a malware scan on the file in the internal repository.
c) Hash the application's installation file and compare it to the hash provided by the vendor.
d) Remove the user's system from the network to avoid collateral contamination.
02. A company's senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position.
On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day.
Which of the following describes the access management policy in place at the company?
c) Federated access
03. During a review of a potential security incident, more records than normal in a database were deleted on the first day of the month.
A conversation with the database owner revealed that the deletion was expected since the records were older than seven years.
Which of the following policies would have required this event to be performed?
a) Risk assessment
b) Data retention
c) Access control
d) Data loss prevention
04. A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.
Which of the following should be used to identify the traffic?
b) Disk imaging
d) Memory dump
e) Packet analysis
05. While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda.
Which of the following BEST describes this type of actor?
c) Insider threat
d) Organized crime
06. A proposed network architecture requires systems to be separated from each other logically based on defined risk levels. Which of the following explains the reason why an architect would set up the network this way?
a) To complicate the network and frustrate a potential malicious attacker
b) To create a design that simplifies the supporting network
c) To reduce the attack surface of those systems by segmenting the network based on risk
d) To reduce the number of IP addresses that are used on the network
07. The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance audit and meet the following objectives:
- Reduce the number of potential findings by the auditors.
- Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the regulations.
- Prevent the external-facing web infrastructure used by other teams from coming into scope.
- Limit the amount of exposure the company will face if the systems used by the payment-processing team are compromised.
Which of the following would be the MOST effective way for the security team to meet these objectives?
a) Limit the permissions to prevent other employees from accessing data owned by the business unit.
b) Segment the servers and systems used by the business unit from the rest of the network.
c) Deploy patches to all servers and workstations across the entire organization.
d) Implement full-disk encryption on the laptops used by employees of the payment-processing team.
08. A security analyst wants to deploy a system on the public Internet to collect the newest exploits that are being seen in the wild. Which of the following would BEST achieve this goal?
a) Honeypot server
b) Unpatched MySQL server
c) Cloud access security broker
d) Kubernetes management server
09. Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely prevented this incident?
10. Which of the following assessment methods should be used to analyze how specialized software performs during heavy loads?
a) Input validation
b) API compatibility test
c) Code review
d) User acceptance test
e) Stress test