CompTIA Security+ SY0-601 – Question540

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad
signatures. The security engineer wants to implement a tool with multiple components including the ability to
track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best
fits this use case?


A. EDR
B. DLP
C. NGFW
D. HIPS

Correct Answer: A

CompTIA Security+ SY0-601 – Question539

A security assessment found that several embedded systems are running unsecure protocols. These systems
were purchased two years ago, and the company that developed them is no longer in business. Which of the
following constraints best describes the reason the findings cannot be remediated?


A. Inability to authenticate
B. Implied trust
C. Lack of computing power
D. Unavailable patch

Correct Answer: D

CompTIA Security+ SY0-601 – Question537

A critical file server is being upgraded, and the systems administrator must determine which RAID level the new
server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels
meets this requirement?


A. RAID 0+1
B. RAID 2
C. RAID 5
D. RAID 6

Correct Answer: D

CompTIA Security+ SY0-601 – Question536

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor
authentication method that is not something you know or have. Which of the following will meet this
requirement?


A. Facial recognition
B. Six-digit PIN
C. PKI certificate
D. Smart card

Correct Answer: A

CompTIA Security+ SY0-601 – Question535

A large financial services firm recently released information regarding a security breach within its corporate
network that began several years before. During the time frame in which the breach occurred, indicators show
an attacker gained administrative access to the network through a file downloaded from a social media site and
subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take
command and control of the computer systems anonymously while obtaining sensitive corporate and personal
employee information. Which of the following methods did the attacker most likely use to gain access?


A. A bot
B. A fileless virus
C. A logic bomb
D. A RAT

Correct Answer: D

CompTIA Security+ SY0-601 – Question534

Developers are writing code and merging it into shared repositories several times a day, where it is tested
automatically. Which of the following concepts does this best represent?


A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration

Correct Answer: D

CompTIA Security+ SY0-601 – Question533

During an internal penetration test, a security analyst identified a network device that had accepted cleartext
authentication and was configured with a default credential. Which of the following recommendations should
the security analyst make to secure this device?


A. Configure SNMPv1.
B. Configure SNMPv2c.
C. Configure SNMPv3.
D. Configure the default community string.

Correct Answer: C

CompTIA Security+ SY0-601 – Question532

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for
data privacy and sharing. Which of the following should the CISO read and understand before writing the
policies?


A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000

Correct Answer: B

CompTIA Security+ SY0-601 – Question531

An external forensics investigator has been hired to investigate a data breach at a large enterprise with
numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive
information, generating multiple logs as the attacker traversed through the network. Which of the following will
best assist with this investigation?


A. Perform a vulnerability scan to identify the weak spots.
B. Use a packet analyzer to investigate the NetFlow traffic.
C. Check the SIEM to review the correlated logs.
D. Require access to the routers to view current sessions.

Correct Answer: C