NEW QUESTION 1
An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?

• A. TLS
• B. PFS
• C. ESP
• D. AH

Answer: A

NEW QUESTION 2
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?

• A. Deploy an MDM solution.
• B. Implement managed FDE.
• C. Replace all hard drives with SEDs.
• D. Install DLP agents on each laptop.

Answer: B

NEW QUESTION 3
A security administrator needs to create a RAIS configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the following RAID configurations should the administration use?

• A. RA1D 0
• B. RAID1
• C. RAID 5
• D. RAID 10

Answer: C

NEW QUESTION 4
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?

• A. Salting the magnetic strip information
• B. Encrypting the credit card information in transit.
• C. Hashing the credit card numbers upon entry.
• D. Tokenizing the credit cards in the database

Answer: C

NEW QUESTION 5
A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

• A. FDE
• B. NIDS
• C. EDR
• D. DLP

Answer: C

NEW QUESTION 6
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)

• A. Perform a site survey
• B. Deploy an FTK Imager
• C. Create a heat map
• D. Scan for rogue access points
• E. Upgrade the security protocols
• F. Install a captive portal

Answer: AC

NEW QUESTION 7
A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?

• A. Discretionary
• B. Rule-based
• C. Role-based
• D. Mandatory

Answer: D

NEW QUESTION 8
A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

• A. Trusted Platform Module
• B. A host-based firewall
• C. A DLP solution
• D. Full disk encryption
• E. A VPN
• F. Antivirus software

Answer: AB

NEW QUESTION 9
A security analyst has received an alert about being sent via email. The analyst’s Chief information Security Officer (CISO) has made it clear that PII must be handle with extreme care From which of the following did the alert MOST likely originate?

• A. S/MIME
• B. DLP
• C. IMAP
• D. HIDS

Answer: B

NEW QUESTION 10
Which of the following is the purpose of a risk register?

• A. To define the level or risk using probability and likelihood
• B. To register the risk with the required regulatory agencies
• C. To identify the risk, the risk owner, and the risk measures
• D. To formally log the type of risk mitigation strategy the organization is using

Answer: C

NEW QUESTION 11
A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social-engineering techniques was used in this case?

• A. SPIM
• B. Vishing
• C. Spear phishing
• D. Smishing

Answer: D

NEW QUESTION 12
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?

• A. Bug bounty
• B. Black-box
• C. Gray-box
• D. White-box

Answer: A

NEW QUESTION 13
Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log m to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Select TWO)

• A. COPE
• B. VDI
• C. GPS
• D. TOTP
• E. RFID
• F. BYOD

Answer: BE

NEW QUESTION 14
A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).

• A. Something you know
• B. Something you have
• C. Somewhere you are
• D. Someone you are
• E. Something you are
• F. Something you can do

Answer: BE

NEW QUESTION 15
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data? (Select TWO)

• A. VPN
• B. Drive encryption
• C. Network firewall
• D. File-level encryption
• E. USB blocker
• F. MFA

Answer: BE

NEW QUESTION 16
When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

• A. Acceptance
• B. Mitigation
• C. Avoidance
• D. Transference

Answer: D

NEW QUESTION 17
Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

• A. Unsecure protocols
• B. Use of penetration-testing utilities
• C. Weak passwords
• D. Included third-party libraries
• E. Vendors/supply chain
• F. Outdated anti-malware software

Answer: AD

NEW QUESTION 18
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

• A. SSAE SOC 2
• B. PCI DSS
• C. GDPR
• D. ISO 31000

Answer: C

NEW QUESTION 19
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

• A. PCI DSS
• B. ISO 22301
• C. ISO 27001
• D. NIST CSF

Answer: A

NEW QUESTION 20
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

• A. DLP
• B. HIDS
• C. EDR
• D. NIPS

Answer: C

NEW QUESTION 21
A symmetric encryption algorithm Is BEST suited for:

• A. key-exchange scalability.
• B. protecting large amounts of data.
• C. providing hashing capabilities,
• D. implementing non-repudiation.

Answer: D

NEW QUESTION 22
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial option article in a national newspaper, which may result in new cyberattacks Which of the following would be BEST for the security manager to use in a threat mode?

• A. Hacktivists
• B. White-hat hackers
• C. Script kiddies
• D. Insider threats

Answer: A

NEW QUESTION 23
A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

• A. Create a new acceptable use policy.
• B. Segment the network into trusted and untrusted zones.
• C. Enforce application whitelisting.
• D. Implement DLP at the network boundary.

Answer: C

NEW QUESTION 24
A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

• A. Segmentation
• B. Containment
• C. Geofencing
• D. Isolation

Answer: A

NEW QUESTION 25
......