CompTIA Security+ SY0-601 – Question640

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?


A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.

Correct Answer: A

CompTIA Security+ SY0-601 – Question639

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:


A. loss of proprietary information.
B. damage to the company's reputation.
C. social engineering.
D. credential exposure.

Correct Answer: A

CompTIA Security+ SY0-601 – Question638

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?


A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause

Correct Answer: D

CompTIA Security+ SY0-601 – Question636

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

A. IP conflict
B. Pass-the-hash
C. MAC flooding
D. Directory traversal
E. ARP poisoning

Correct Answer: E

CompTIA Security+ SY0-601 – Question635

A company recently set up an e-commerce portal to sell its products online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?


A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF

Correct Answer: A

CompTIA Security+ SY0-601 – Question634

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?


A. Set up an air gap for the switch.
B. Change the default password for the switch.
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.

Correct Answer: B

CompTIA Security+ SY0-601 – Question633

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?


A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat

Correct Answer: D

CompTIA Security+ SY0-601 – Question631

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?


A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts

Correct Answer: A