The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?


A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Implementing multifactor authentication

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?


A. Insurance
B. Patching
C. Segmentation
D. Replacement

Which of the following would be best suited for constantly changing environments?


A. RTOS
B. Containers
C. Embedded systems
D. SCADA

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?


A. SSO
B. LEAP
C. MFA
D. PEAP

DRAG DROP
A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS
Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?


A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.

A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?


A. Jamming
B. NFC attacks
C. Disassociation
D. Bluesnarfing
E. Evil twin

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?


A. Contain the impacted hosts.
B. Add the malware to the application blocklist.
C. Segment the core database server.
D. Implement firewall rules to block outbound beaconing.