Which of the following strategies shifts risks that are not covered in an organization's risk strategy?


A. Risk transference
B. Risk avoidance
C. Risk mitigation
D. Risk acceptance

Which of the following must be considered when designing a high-availability network? (Choose two.)


A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication

A bakery has a secret recipe that it wants to protect. Which of the following objectives should be added to the company's security awareness training?


A. Insider threat detection
B. Risk analysis
C. Phishing awareness
D. Business continuity planning

Which of the following agreements defines response time, escalation points, and performance metrics?


A. BPA
B. MOA
C. NDA
D. SLA

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?


A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime

Which of the following is the correct order of volatility from most to least volatile?


A. Memory, temporary filesystems, routing tables, disk, network storage
B. Cache memory, temporary filesystems, disk, archival media
C. Memory, disk temporary filesystems, cache, archival media
D. Cache, disk, temporary filesystems, network storage, archival media

A security professional wants to enhance the protection of a critical environment that is used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?


A. DLP
B. HSM
C. CA
D. FIM

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:
http://comptia.org/../../../etc/passwd
Which of the following types of attacks is being attempted and how can it be mitigated?


A. XSS; implement a SIEM
B. CSRF; implement an IPS
C. Directory traversal; implement a WAF
D. SQL injection; implement an IDS

An organization recently acquired an ISO 27001 certification. Which of the following would most likely be considered a benefit of this certification?


A. It allows for the sharing of digital forensics data across organizations.
B. It provides insurance in case of a data breach
C. It provides complimentary training and certification resources to IT security staff
D. It certifies the organization can work with foreign entities that require a security clearance
E. It assures customers that the organization meets security standards

A user downloaded an extension for a browser and the user's device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:
New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume –
DriveLetter C – FileSystemLabel "New"-FileSystem NTFS – Full -Force –
Confirm:$false |
Which of the following is the malware using to execute the attack?


A. PowerShell
B. Python
C. Bash
D. Macros