CompTIA Security+ SY0-601 – Question740

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?


A. Risk tolerance
B. Risk acceptance
C. Risk importance
D. Risk appetite

Correct Answer: B

CompTIA Security+ SY0-601 – Question739

Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?


A. Business recovery plan
B. Incident response plan
C. Communication plan
D. Continuity of operations plan

Correct Answer: D

CompTIA Security+ SY0-601 – Question738

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?


A. Service accounts
B. Account audits
C. Password complexity
D. Lockout policy

Correct Answer: B

CompTIA Security+ SY0-601 – Question737

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?


A. Job rotation
B. Retention
C. Outsourcing
D. Separation of duties

Correct Answer: A

CompTIA Security+ SY0-601 – Question736

A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?


A. Insider threat
B. RAT
C. Backdoor
D. Skimming
E. NFC attack

Correct Answer: D

CompTIA Security+ SY0-601 – Question734

DRAG DROP
A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

INSTRUCTIONS
From the options below, drag each item to its appropriate classification as well as the MOST appropriate form of disposal.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Correct Answer:

CompTIA Security+ SY0-601 – Question731

HOTSPOT
You are a security administrator investigating a potential infection on a network.
INSTRUCTIONS
Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:

Correct Answer: