A security analyst reviews SIEM logs and detects a well-known malicious executable running on a Windows machine. The up-to-date antivirus cannot detect the malicious executable. Which of the following is the MOST likely cause of this issue?
A. The malware is fileless and exists only in physical memory.
B. The malware detects and prevents its own execution in a virtual environment.
C. The antivirus does not have the malware's signature.
D. The malware is being executed with administrative privileges.
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?
A. nmap -sA -O <system> -noping
B. nmap -sT -O <system> -Pn
C. nmap -sS -O <system> -Pn
D. nmap -sQ -O <system> -Pn
A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst?
A. Insider threat
B. Nation-threat
C. Hacktivist
D. Organized crime
A security team wants to make SaaS solutions accessible from only the corporate campus. Which of the following would BEST accomplish this goal?
A. Geotagging
B. IP restrictions
C. Reverse proxy
D. Single sign-on
SIMULATION
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
+ TLS 1.2 is the only version of TLS running
+ Apache 2.4.18 or greater should be used
+ Only default ports should be used
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts; make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.
Correct Answer: See explanation below.
Explanation:
AppServ1 is only using TLS 1.2
AppServ4 is only using TLS 1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
The recommendation is to disable TLS v1.1 on AppServ2 and AppServ3, and to upgrade Apache on AppServ2 to version 2.4.48 from its current version of 2.3.48.
Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?
A. Encryption
B. Data loss prevention
C. Data masking
D. Digital rights management
E. Access control
An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?
A. Perform threat hunting in other areas of the cloud infrastructure.
B. Contact law enforcement to report the incident.
C. Perform a root cause analysis on the container and the service logs.
D. Isolate the container from production using a predefined policy template.
Which of the following are considered PII by themselves? (Choose two.)
A. Government ID
B. Job title
C. Employment start date
D. Birth certificate
E. Employer address
F. Mother's maiden name
A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture:
Which of the following generated the above output?
A. A port scan
B. A TLS connection
C. A vulnerability scan
D. A ping sweep
Which of the following BEST explains the function of a managerial control?
A. To help design and implement the security planning, program development, and maintenance of the security life cycle
B. To guide the development of training, education, security awareness programs, and system maintenance
C. To create data classification, risk assessments, security control reviews, and contingency planning
D. To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails
Correct Answer: C