Which of the following would a security specialist be able to determine upon examination of a server’s c ...


A security analyst is diagnosing an incident in which a system was compromised from an external IP address. Th ...


Multiple organizations operating in the same vertical want to provide seamless wireless access for their emplo ...


In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) ha ...


A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a f ...


Which of the following attacks specifically impact data availability?


A security analyst is hardening a server with the directory services role installed. The analyst must ensure L ...


Which of the following threat actors is MOST likely to steal a company’s proprietary information to gain ...


A penetration tester is crawling a target website that is available to the public. Which of the following repr ...


Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Select ...


Which of the following best describes routine in which semicolons, dashes, quotes, and commas are removed from ...


A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server ...


Which of the following explains why vendors publish MD5 values when they provide software patches for their cu ...


A security analyst receives a notification from the IDS after working hours, indicating a spike in network traffi ...


A number of employees report that parts of an ERP application are not working. The systems administrator reviews ...


Refer to the following code: Which of the following vulnerabilities would occur if this is executed.


Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapp ...


An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has b ...


Which of the following types of keys is found in a key escrow.


A security analyst is reviewing the following output from an IPS: Given this output, which of the following can ...


Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwor ...


Which of the following types of cloud infrastructures would allow several organizations with similar structures a ...


A company is currently using the following configuration: #IAS server with certificate based EAP PEAP and MSCH ...


An auditor wants to test the security posture of an organization by running a tool that will display the followin ...


A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Ins ...


A company is using a mobile device deployment model in which employees use their personal devices for work at the ...


A botnet has hit a popular website with a massive number of GRE encapsulated packets to perform a DDoS attack. N ...


Users report the following message appears when browsing to the company’s secure site: This website cannot ...


message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM w ...


Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie ...


Which of the following can be provided to an AAA system for the identification phase.


Which of the following implements two factor authentication.


Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Wh ...


A network administrator wants to implement a method of securing internal routing. Which of the following should t ...


A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to ...


Which of the following encryption methods does PKI typically use to securely protect keys.


in which the tool incorrectly identifies the vulnerability.


An organization’s internal auditor discovers that large sums of money have recently been paid to a vendor t ...


A department head at a university resigned on the first day of the spring semester. It was subsequently determine ...


A database backup schedule consists of weekly full backups performed on Saturday at 12:00 a.m. and daily differen ...


Which of the following security controls does an iris scanner provide.


As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A techn ...


A user has attempted to access data at a higher classification level than the user’s account is currently a ...


A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the ...


An organization finds that most help desk calls are regarding account lockout due to a variety of applications ru ...


A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an au ...


When performing data acquisition on a workstation, which of the following should be captured based on memory vola ...


An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Co ...


A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the do ...


A security administrator has found a hash in the environment known to belong to malware. The administrator then f ...


A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an ...


When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured wh ...


A company has a data classification system with definitions for “Private” and “Public”. T ...


When configuring settings in a mandatory access control environment, which of the following specifies the subject ...


A high security defense installation recently begun utilizing large guard dogs that bark very loudly and excited ...


A company’s user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a ...


Ann. An employee in the payroll department, has contacted the help desk citing multiple issues with her device, i ...


A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the proce ...


A company is developing a new secure technology and requires computers being used for development to be isolated. ...


Which of the following is an important step to take BEFORE moving any installation packages from a test environme ...


A user clicked an email link that led to a website than infected the workstation with a virus. The virus encrypte ...


An organization wishes to provide better security for its name resolution services. Which of the following techno ...


A company hires a consulting firm to crawl its Active Directory network with a non domain account looking for un ...


An administrator is replacing a wireless router. The configuration of the old wireless router was not documented ...


An application team is performing a load balancing test for a critical application during off hours and has req ...


Which of the following cryptographic attacks would salting of passwords render ineffective.


A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is m ...


Two users need to send each other emails over unsecured channels. The system should support the principle of non ...


Which of the following attack types BEST describes a client side attack that is used to manipulate an HTML ifram ...


An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a ...


A senior incident response manager receives a call about some external IPs communicating with internal computers ...


Which of the following technologies employ the use of SAML. (Select two.)


Which of the following specifically describes the exploitation of an interactive process to access otherwise rest ...


Which of the following network vulnerability scan indicators BEST validates a successful, active scan.


An analyst wants to implement a more secure wireless authentication for office access points. Which of the follow ...


When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:


A company has three divisions, each with its own networks and services. The company decides to make its secure we ...


Which of the following is the BEST explanation of why control diversity is important in a defense in depth arch ...


A system administrator wants to provide balance between the security of a wireless network and usability. The adm ...


An information security specialist is reviewing the following output from a Linux server. Based on the above inf ...


In terms of encrypting data, which of the following is BEST described as a way to safeguard password data by addi ...


A system administrator wants to provide for and enforce wireless access accountability during events where extern ...


Which of the following would MOST likely appear in an uncredentialed vulnerability scan.


A security analyst observes the following events in the logs of an employee workstation: Given the information p ...


When identifying a company’s most valuable assets as part of a BIA, which of the following should be the FI ...


An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the ...


include in the security assessment process. (Select two.)


Which of the following occurs when the security of a web application relies on JavaScript for input validation. ...


An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a Window ...


A wireless network uses a RADIUS server that is connected to an authenticator, which in turn connects to a suppli ...


An employer requires that employees use a key generating app on their smartphones to log into corporate applicat ...


Adhering to a layered security approach, a controlled access facility employs security guards who verify the auth ...


A security analyst is hardening a web server, which should allow a secure certificate based session using the or ...


A manager wants to distribute a report to several other managers within the company. Some of them reside in remot ...


An auditor is reviewing the following output from a password cracking tool: Which of the following methods did ...


Which of the following must be intact for evidence to be admissible in court.


A vulnerability scanner that uses its running service’s access level to better assess vulnerabilities acros ...


Which of the following cryptography algorithms will produce a fixed length, irreversible output.


A technician suspects that a system has been compromised. The technician reviews the following log entry: WARNING ...


A new firewall has been places into service at an organization. However, a configuration has not been entered on ...


Which of the following are the MAIN reasons why a systems administrator would install security patches ina stagin ...


A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on ...


A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement o ...


Which of the following would meet the requirements for multifactor authentication.


A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transac ...


A penetration tester finds that a company’s login credentials for the email client were being sent in clear ...


Before an infection was detected, several of the infected devices attempted to access a URL that was similar to t ...


A systems administrator is reviewing the following information from a compromised server: Given the above inform ...


Joe, a security administrator, needs to extend the organization’s remote access functionality to be used by ...


The availability of a system has been labeled as the highest priority. Which of the following should be focused o ...


As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to th ...


A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of ...


Which of the following are methods to implement HA in a web application server environment. (Select two.)


An application developer is designing an application involving secure transports from one service to another that ...


Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as ...


After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is t ...


A company was recently audited by a third party. The audit revealed the company’s network devices were tran ...


During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon ...


A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in ...


A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential moneta ...


Which of the following AES modes of operation provide authentication. (Select two.)


An audit takes place after company wide restricting, in which several employees changed roles. The following def ...


A security engineer is configuring a wireless network that must support mutual authentication of the wireless cli ...


A system’s administrator has finished configuring firewall ACL to allow access to a new web server. The co ...


Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous ag ...


An in house penetration tester is using a packet capture device to listen in on network communications. This is ...


A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a ...


A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations ...


A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential informat ...


A company hires a third party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm ...


An organization uses SSO authentication for employee access to network resources. When an employee resigns, as pe ...


Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following shou ...


A director of IR is reviewing a report regarding several recent breaches. The director compiles the following sta ...


To reduce disk consumption, an organization’s legal department has recently approved a new policy setting t ...


A security administrator is configuring a new network segment, which contains devices that will be accessed by ex ...


Which of the following types of attacks precedes the installation of a rootkit on a server.


Which of the following cryptographic algorithms is irreversible.


A security analyst receives an alert from a WAF with the following payload: var data= “<test test test&g ...


A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before ...


Audit logs from a small company’s vulnerability scanning software show the following findings: Destinations ...


A security analyst wants to harden the company’s VoIP PBX. The analyst is worried that credentials may be i ...


An organization is comparing and contrasting migration from its standard desktop configuration to the newest vers ...


A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of ...


A user is presented with the following items during the new hire onboarding process: #Laptop #Secure USB drive ...


An organization requires users to provide their fingerprints to access an application. To improve security, the a ...


A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless acces ...


After a routine audit, a company discovers that engineering documents have been leaving the network on a particul ...


A security analyst has received the following alert snippet from the HIDS appliance: Given the above logs, which ...


A security analyst reviews the following output: Which of the following is the MOST likely cause of the hash bei ...


An organization’s primary datacenter is experiencing a two day outage due to an HVAC malfunction. Thenode loca ...


A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identif ...


report of security credentials for all users. Which of the following types of attack is MOST likely occurring. ...


An information security analyst needs to work with an employee who can answer questions about how data for a spec ...


A group of non profit agencies wants to implement a cloud service to share resources with each other and minimiz ...


A copy of a highly confidential salary report was recently found on a printer in the IT department. The human res ...


A company is developing a new system that will unlock a computer automatically when an authorized user sits in fr ...


A security analyst accesses corporate web pages and inputs random data in the forms. The response received includ ...


A new mobile application is being developed in house. Security reviews did not pick up any major flaws,however v ...


A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZwhich is ...


A company has a security policy that specifies all endpoint computing devices should be assigned a uniqueidentifi ...


A technician is configuring a wireless guest network. After applying the most recent changes the technicianfinds ...


A security administrator has been assigned to review the security posture of the standard corporate systemimage f ...


Although a web enabled application appears to only allow letters in the comment field of a web form,malicious use ...


An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of thevulner ...


A security administrator returning from a short vacation receives an account lock out message whenattempting to ...


A bank requires tellers to get manager approval when a customer wants to open a new account. A recentaudit shows ...


A security administrator has been tasked with improving the overall security posture related to desktopmachines o ...


Company policy requires the use if passphrases instead if passwords.Which of the following technical controls MUS ...


During a routine audit, it is discovered that someone has been using a stale administrator account to loginto a s ...


Which of the following should identify critical systems and components.


Which of the following works by implanting software on systems but delays execution until a specific set ofcondit ...


A web application is configured to target browsers and allow access to bank accounts to siphon money to aforeign ...


A portable data storage device has been determined to have malicious firmware.Which of the following is the BEST ...


A security administrator must implement a system to ensure that invalid certificates are not used by acustom deve ...


The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade theentire ...


While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as"unkno ...


A network administrator wants to ensure that users do not connect any unauthorized devices to thecompany network. ...


An administrator has concerns regarding the traveling sales team who works primarily from smart phones.Given the ...


A user of the wireless network is unable to gain access to the network. The symptoms are:1.) Unable to connect to ...


A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to arecent au ...


A mobile device user is concerned about geographic positioning information being included in messagessent between ...


A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data.Before ...


An organization has hired a penetration tester to test the security of its ten web servers. The penetrationtester ...


A security engineer is faced with competing requirements from the networking group and databaseadministrators. Th ...


A security administrator is tasked with conducting an assessment made to establish the baseline securityposture o ...


A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.During ...


Which of the following use the SSH protocol.


Which of the following is the GREATEST risk to a company by allowing employees to physically bring theirpersonal ...


Which of the following is the summary of loss for a given year.


A Security Officer on a military base needs to encrypt several smart phones that will be going into the field.Whi ...


An organization relies heavily on an application that has a high frequency of security updates. At present,the se ...


A technician must configure a firewall to block external DNS traffic from entering a network.Which of the followi ...


A security technician would like to obscure sensitive data within a file so that it can be transferred withoutcau ...


A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modifythe co ...


Which of the following attack types is being carried out where a target is being sent unsolicited messagesvia Blu ...


Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joereceives ...


Recently several employees were victims of a phishing email that appeared to originate from the companypresident. ...


Which of the following is the LEAST secure hashing algorithm.


An employee uses RDP to connect back to the office network.If RDP is misconfigured, which of the following securi ...


Joe, the security administrator, sees this in a vulnerability scan report:"The server 10.1.2.232 is running Apach ...


An auditor has identified an access control system that can incorrectly accept an access attempt from anunauthori ...


The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next10 years. ...


A software developer wants to ensure that the application is verifying that a key is valid before establishingSSL ...


A security guard has informed the Chief Information Security Officer that a person with a tablet has beenwalking ...


A system administrator is configuring a site to site VPN tunnel.Which of the following should be configured on ...


A network operations manager has added a second row of server racks in the datacenter. These racks facethe opposi ...


Phishing emails frequently take advantage of high profile catastrophes reported in the news.Which of the followi ...


New magnetic locks were ordered for an entire building. In accordance with company policy, employeesafety is the ...


Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls fromsomeone cl ...


An administrator discovers the following log entry on a server:Nov 12 2013 00:23:45 httpd[2342]: GET/app2/prod/pr ...


A security team wants to establish an Incident Response plan. The team has never experienced anincident.Which of ...


Which of the following would verify that a threat does exist and security controls can easily be bypassedwithout ...


Which of the following technologies would be MOST appropriate to utilize when testing a new softwarepatch before ...


A system administrator needs to implement 802.1x whereby when a user logs into the network, theauthentication ser ...


A security administrator receives notice that a third party certificate authority has been compromised, andnew c ...


A company wants to host a publicly available server that performs the following functions: # Evaluates MX record ...


A security administrator is developing training for corporate users on basic security principles for personalemai ...


A company researched the root cause of a recent vulnerability in its software. It was determined that thevulnerab ...


A computer on a company network was infected with a zero day exploit after an employee accidentlyopened an email ...


A company wants to ensure that the validity of publicly trusted certificates used by its web server can bedetermi ...


An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but notconfi ...


The chief security officer (CS0) has issued a new policy that requires that all internal websites be configuredfo ...


A security program manager wants to actively test the security posture of a system. The system is not yetin produ ...


A new intern in the purchasing department requires read access to shared documents. Permissions arenormally contr ...


A business has recently deployed laptops to all sales employees. The laptops will be used primarily fromhome offi ...


During a data breach cleanup, it is discovered that not all of the sites involved have the necessary datawiping t ...


An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. Theattac ...


An organization is moving its human resources system to a cloud services provider.The company plans to continue u ...


The data backup window has expanded into the morning hours and has begun to affect production users.The main bott ...


Which of the following best describes the initial processing phase used in mobile device forensics.


Ann a security analyst is monitoring the IDS console and noticed multiple connections from an internal hostto a s ...


An administrator is testing the collision resistance of different hashing algorithms.Which of the following is th ...


The SSID broadcast for a wireless router has been disabled but a network administrator notices thatunauthorized u ...


Which of the following should be used to implement voice encryption.


After a merger, it was determined that several individuals could perform the tasks of a networkadministrator in t ...


A company exchanges information with a business partner. An annual audit of the business partner isconducted agai ...


Which of the following is the proper way to quantify the total monetary damage resulting from an exploitedvulnera ...


A security administrator needs to implement a system that detects possible intrusions based upon a vendorprovided ...


The chief Security Officer (CSO) has reported a rise in data loss but no break ins have occurred.By doing which o ...


Having adequate lighting on the outside of a building is an example of which of the following securitycontrols. ...


During a recent audit, it was discovered that several user accounts belonging to former employees were stillactiv ...


An organization is working with a cloud services provider to transition critical business applications to ahybrid ...


A security administrator wants to implement a company wide policy to empower data owners to manageand enforce ac ...


Which of the following BEST describes an attack where communications between two parties areintercepted and forwa ...


A security administrator wishes to implement a secure a method of file transfer when communicating withoutside or ...


A technician needs to implement a system which will properly authenticate users by their username andpassword onl ...


A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potentialpartner (ww ...


Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a(n): ...


A company is planning to encrypt the files in several sensitive directories of a file server with a symmetrickey. ...


Which of the following is a document that contains detailed information about actions that include howsomething w ...


Which of the following are MOST susceptible to birthday attacks.


Joe a computer forensic technician responds to an active compromise of a database server. Joe firstcollects infor ...


A system administrator wants to implement an internal communication system that will allow employees tosend encry ...


Given the log output:Max 15 00:15:23.431 CRT: #SEC_LOGIN 5 LOGIN_SUCCESS:Login Success [user: msmith] [Source: ...


The Chief Executive Officer (CEO) of a major defense contracting company a traveling overseas for aconference. Th ...


In an effort to reduce data storage requirements, some company devices to hash every file and eliminateduplicates ...


A new security policy in an organization requires that all file transfers within the organization be completedusi ...


Joe notices there are several user accounts on the local network generating spam with embeddedmalicious code.Whic ...


Two users need to securely share encrypted files via email. Company policy prohibits users from sharingcredential ...


An information system owner has supplied a new requirement to the development team that calls forincreased non r ...


The process of applying a salt and cryptographic hash to a password then repeating the process manytimes is known ...


Which of the following is commonly used for federated identity management across multiple organizations.


While performing surveillance activities, an attacker determines that an organization is using 802.1X tosecure LA ...


A security administrator has been asked to implement a VPN that will support remote access over IPSE


A security administrator is evaluating three different services: radius, diameter, and Kerberos.Which of the foll ...


Which of the following can affect electrostatic discharge in a network operations center.


A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.Which of ...


A company would like to prevent the use of a known set of applications from being used on companycomputers.Which ...


An organization is trying to decide which type of access control is most appropriate for the network. Thecurrent ...


While reviewing the security controls in place for a web based application, a security controls assessornotices ...


A security administrator is tasked with implementing centralized management of all network devices.Network admini ...


An attacker captures the encrypted communication between two parties for a week, but is unable to decryptthe mess ...


Many employees are receiving email messages similar to the one shown below:From IT departmentTo employeeSubject e ...


The IT department needs to prevent users from installing untested applications.Which of the following would provi ...


An attack that is using interference as its main attack to impede network traffic is which of the following.


An organization wants to conduct secure transactions of large data files. Before encrypting and exchangingthe dat ...


Ann, a college professor, was recently reprimanded for posting disparaging remarks re grading hercoworkers on a ...


During a recent audit, it was discovered that many services and desktops were missing security patches.Which of t ...


When generating a request for a new x.509 certificate for securing a website, which of the following is theMOST a ...


The administrator installs database software to encrypt each field as it is written to disk.Which of the followin ...


Which of the following allows an application to securely authenticate a user by receiving credentials from aweb d ...


A network technician is trying to determine the source of an ongoing network based attack.Which of the following ...


A security administrator suspects that data on a server has been exhilarated as a result of un authorizedremote ...


A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone serviceand are concer ...


A server administrator needs to administer a server remotely using RDP, but the specified port is closed onthe ou ...


Which of the following can be used to control specific commands that can be executed on a networkinfrastructure d ...


Company XYZ has decided to make use of a cloud based service that requires mutual, certificate basedauthentica ...


Six months into development, the core team assigned to implement a new internal piece of software mustconvene to ...


A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation,the sup ...


A datacenter manager has been asked to prioritize critical system recovery priorities.Which of the following is t ...


When designing a web based client server application with single application server and database clusterbackend, ...


Which of the following delineates why it is important to perform egress filtering and monitoring on Internetconne ...


Which of the following would enhance the security of accessing data stored in the cloud. (SelectTWO)


During a third party audit, it is determined that a member of the firewall team can request, approve, andimpleme ...


Which of the following is the appropriate network structure used to protect servers and services that mustbe prov ...


An administrator has configured a new Linux server with the FTP service. Upon verifying that the servicewas confi ...


An administrator thinks the UNIX systems may be compromised, but a review of system log files providesno useful i ...


A global gaming console manufacturer is launching a new gaming platform to its customers.Which of the following c ...


An audit has revealed that database administrators are also responsible for auditing database changes andbackup l ...


An external contractor, who has not been given information about the software or network architecture, isconducti ...


A security administrator receives an alert from a third party vendor that indicates a certificate that wasinstal ...


A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of thefollowing ...


Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows fileserver.W ...


A company’s loss control department identifies theft as a recurring loss type over the past year. Based ont ...


Which of the following penetration testing concepts is being used when an attacker uses public Internetdatabases ...


While performing a penetration test, the technicians want their efforts to go unnoticed for as long aspossible wh ...


A security analyst captures forensic evidence from a potentially compromised system for furtherinvestigation. The ...


A security analyst is investigating a security breach. Upon inspection of the audit an access logs, the analystno ...


A company recently replaced its unsecure email server with a cloud based email and collaboration solutionthat is ...


A datacenter recently experienced a breach. When access was gained, an RF device was used to accessan air gapped ...


A security analyst is working on a project that requires the implementation of a stream cipher. Which of thefollo ...


Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in acase in ...


In determining when it may be necessary to perform a credentialed scan against a system instead of a noncredentia ...


The computer resource center issued smartphones to all first level and above managers. The managershave the abil ...


Which of the following BEST describes a network based attack that can allow an attacker to take full controlof a ...


A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel securityand it ...


A security administrator wants to configure a company’s wireless network in a way that will prevent wireles ...


Which of the following strategies should a systems architect use to minimize availability risks due toinsufficien ...


A security engineer wants to implement a site to site VPN that will require SSL certificates for mutualauthenti ...


After surfing the Internet, Joe, a user, woke up to find all his files were corrupted. His wallpaper wasreplaced ...


Which of the following allows an auditor to test proprietary software compiled code for security flaws.


Ann, a user, states that her machine has been behaving erratically over the past week. She hasexperienced slownes ...


A security administrator wants to implement a logon script that will prevent MITM attacks on the local LAN.Which ...


Which of the following is the BEST reason for salting a password hash before it is stored in a database.


An actor downloads and runs a program against a corporate login page. The program imports a list ofusernames and ...


An organization wants to utilize a common, Internet based third party provider for authorization andauthenticat ...


A penetration tester harvests potential usernames from a social networking site. The penetration tester thenuses ...


Which of the following could occur when both strong and weak ciphers are configured on a VPNconcentrator. (Sele ...


Which of the following is the BEST choice for a security control that represents a preventive andcorrective logic ...


A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions,and reg ...


Which of the following could help detect trespassers in a secure facility. (Select TWO)


The IT department is deploying new computers. To ease the transition, users will be allowed to access theirold an ...


A third party penetration testing company was able to successfully use an ARP cache poison technique togain root ...


Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing aRADIUS ser ...


The POODLE attack is an MITM exploit that affects:


To determine the ALE of a particular risk, which of the following must be calculated. (Select two.)


Which of the following are used to increase the computing time it takes to brute force a password using anoffline ...


Users in a corporation currently authenticate with a username and password. A security administratorwishes to imp ...


A security administrator needs to address the following audit recommendations for a public facingSFTP server:Use ...


An organization recently moved its custom web applications to the cloud, and it is obtaining managedservices of t ...


Which of the following is commonly done as part of a vulnerability scan.


After a security incident, management is meeting with involved employees to document the incident and itsaftermat ...


As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store companydata on p ...


A web server, which is configured to use TLS with AES GCM 256, SHA 384, and ECDSA, recently sufferedan informa ...


An incident involving a workstation that is potentially infected with a virus has occurred. The workstationmay ha ...


An in house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltratedata thro ...


A member of the admins group reports being unable to modify the "changes" file on a server.The permissions on the ...


A penetration tester is conducting an assessment on Comptia.org and runs the following command from acoffee shop ...


A security analyst is inspecting the results of a recent internal vulnerability scan that was performed againstin ...


Company A agrees to provide perimeter protection, power, and environmental support withmeasurable goals for Compa ...


The Chief Information Security Officer (CISO) is asking for ways to protect against zero day exploits. TheCISO i ...


An organization has several production critical SCADA supervisory systems that cannot follow the normal30 day ...


An organization identifies a number of hosts making outbound connections to a known malicious IP overport TCP 80. ...


Legal authorities notify a company that its network has been compromised for the second time in two years.The inv ...


A forensic investigator has run into difficulty recovering usable files from a SAN drive. Which of the followingS ...


A software development manager is taking over an existing software development project. The teamcurrently suffers ...


After a recent internal breach, a company decided to regenerate and reissue all certificates used in thetransmiss ...


A security manager is creating an account management policy for a global organization with salespersonnel who mus ...


A security administrator learns that PII, which was gathered by the organization, has been found in an openforum. ...


A security engineer is configuring a wireless network with EAP TLS. Which of the following activities is arequir ...


A systems administrator wants to generate a self signed certificate for an internal website.Which of the followi ...


Which of the following controls allows a security guard to perform a post incident review.


Attackers have been using revoked certificates for MITM attacks to steal credentials from employees ofCompany.com ...


After attempting to harden a web server, a security analyst needs to determine if an application remainsvulnerabl ...


A company is allowing a BYOD policy for its staff.Which of the following is a best practice that can decrease the ...


Which of the following describes the key difference between vishing and phishing attacks.


Which of the following should a security analyst perform FIRST to determine the vulnerabilities of alegacy system ...


Which of the following components of printers and MFDs are MOST likely to be used as vectors ofcompromise if they ...


A user downloads and installs an MP3 converter, and runs the application. Upon running the application,the antivi ...


An organization plans to implement multifactor authentication techniques within the enterprise networkarchitectur ...


Upon entering an incorrect password, the logon screen displays a message informing the user thatthe password does ...


Which of the following is the BEST reason to run an untested application is a sandbox.


A security technician has been receiving alerts from several servers that indicate load balancers have had asigni ...


A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The mainculpri ...


Which of the following is used to validate the integrity of data.


A user typically works remotely over the holidays using a web based VPN to access corporate resources.The user r ...


When it comes to cloud computing, if one of the requirements for a project is to have the most control overthe sy ...


A security analyst is acquiring data from a potential network incident.Which of the following evidence is the ana ...



A security analyst conducts a manual scan on a known hardened host that identifies many non compliantitems.Which ...


Which of the following solutions should an administrator use to reduce the risk from an unknownvulnerability in a ...


A network administrator needs to allocate a new network for the R&D group. The network must not beaccessible from ...


To help prevent one job role from having sufficient access to create, modify, and approve payroll data,which of t ...


The help desk received a call after hours from an employee who was attempting to log into the payrollserver remot ...


An analyst receives an alert from the SIEM showing an IP address that does not belong to the assignednetwork can ...


A security engineer must install the same x.509 certificate on three different servers. The client applicationtha ...


Which of the following refers to the term used to restore a system to its operational state.


A Chief Information Officer (CIO) recently saw on the news that a significant security flaws exists with aspecifi ...


An organization is expanding its network team. Currently, it has local accounts on all network devices, butwith g ...


An active/passive configuration has an impact on:


Which of the following would provide additional security by adding another factor to a smart card.


A systems administrator wants to implement a wireless protocol that will allow the organization toauthenticate mo ...


Which of the following uses precomputed hashes to guess passwords.


A Chief Information Security Officer (CISO) has tasked a security analyst with assessing the securityposture of a ...


A company has noticed multiple instances of proprietary information on public websites. It has alsoobserved an in ...


A security analyst is investigating a potential breach. Upon gathering, documenting, and securing theevidence, wh ...


A company is performing an analysis of the corporate enterprise network with the intent of identifying whatwill c ...


A company wants to ensure confidential data from storage media is sanitized in such a way that the drivecannot be ...


A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Whichof the ...


An incident response manager has started to gather all the facts related to a SIEM alert showingmultiple systems ...


A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is a ...


User from two organizations, each with its own PKI, need to begin working together on a joint project. Which of ...


A security analyst is mitigating a pass the hash vulnerability on a Windows infrastructure. Given the requirem ...


A security analyst is reviewing an assessment report that includes software versions, running services, supporte ...


Two users must encrypt and transmit large amounts of data between them. Which of the following should they use t ...


A new Chief Information Officer (CIO) has been reviewing the badging and decides to write a policy that all empl ...


A software developer is concerned about DLL hijacking in an application being written. Which of the following is ...


An application was recently compromised after some malformed data came in via web form. Which of the following w ...


A systems administrator found a suspicious file in the root of the file system. The file contains URLs, username ...


A computer emergency response team is called at midnight to investigate a case in which a mail server was restar ...


A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking fo ...


A security technician is configuring an access management system to track and record user actions. Which of the ...


A security administrator installed a new network scanner that identifies new host systems on the network. Which ...


A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known v ...


A technician is investigating a potentially compromised device with the following symptoms: #Browser slowness ...


A penetration tester has written an application that performs a bit by bit XOR 0xFF operation on binaries prio ...


An audit reported has identifies a weakness that could allow unauthorized personnel access to the facility at it ...


A company has two wireless networks utilizing captive portals. Some employees report getting a trust error in th ...


Company A has acquired Company


A technician is configuring a load balancer for the application team to accelerate the network performance of th ...


An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks i ...


A systems administrator has isolated an infected system from the network and terminated the malicious process fr ...


A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of ...


A security analyst is hardening a WiFi infrastructure. The primary requirements are the following: #The infrast ...


A security administrator is trying to eradicate a worm, which is spreading throughout the organization, using an ...


Which of the following is a deployment concept that can be used to ensure only the required OS access is exposed ...


A procedure differs from a policy in that it:


Which of the following types of penetration test will allow the tester to have access only to password hashes pr ...


Which of the following threats has sufficient knowledge to cause the MOST danger to an organization.


While troubleshooting a client application connecting to the network, the security administrator notices the fol ...


A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. O ...


Which of the following locations contain the MOST volatile data.


Ann, a customer, is reporting that several important files are missing from her workstation. She recently receiv ...


Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not receive ...


A systems administrator is configuring a system that uses data classification labels. Which of the following wil ...


An analyst is using a vulnerability scanner to look for common security misconfigurations on devices. Which of t ...


A security analyst is reviewing patches on servers. One of the servers is reporting the following error message ...


A bank is experiencing a DoS attack against an application designed to handle 500 IP based sessions. in additio ...


A malicious system continuously sends an extremely large number of SYN packets to a server. Which of the followi ...


Which of the following is the proper order for logging a user into a system from the first step to the last step ...


A company stores highly sensitive data files used by the accounting system on a server file share. The accountin ...


A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following wou ...


A help desk technician receives a phone call from an individual claiming to be an employee of the organization a ...


A company wants to implement an access management solution that allows employees to use the same usernames and p ...


An external auditor visits the human resources department and performs a physical security assessment. The audit ...


Which of the following authentication concepts is a gait analysis MOST closely associated.


Due to regulatory requirements, server in a global organization must use time synchronization. Which of the foll ...


When sending messages using symmetric encryption, which of the following must happen FIRST.


Which of the following scenarios BEST describes an implementation of non repudiation.


An office manager found a folder that included documents with various types of data relating to corporate client ...


Which of the following is an asymmetric function that generates a new and separate key every time it runs.


Which of the following would be considered multifactor authentication.


A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the ...


An organization wants to upgrade its enterprise wide desktop computer solution. The organization currently has ...


An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would b ...


Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which ...


A security administrator has configured a RADIUS and a TACACS+ server on the company’s network. Network de ...


A number of employees report that parts of an ERP application are not working. The systems administrator reviews ...


A security analyst receives a notification from the IDS after working hours, indicating a spike in network traff ...