Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?


A. Phone call
B. Instant message
C. Email
D. Text message

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?


A. SDP
B. AAA
C. IaaS
D. MSSP
E. Microservices

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?


A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)


A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?


A. Privacy
B. Availability
C. Integrity
D. Confidentiality

A systems administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?


A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.
The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
Mobile device OSs must be patched up to the latest release.
A screen lock must be enabled (passcode or biometric).
Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Choose two.)


A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing

Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Choose two.)


A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?

A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications.
The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that will occur?


A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
E. Red-team