CompTIA Security+ SY0-601 – Question530

A backdoor was detected on the containerized application environment. The investigation determined that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?

A. Enforce the use of a controlled, trusted source of container images.
B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers.
C. Define a vulnerability scan to assess container images before they are introduced into the environment.
D. Create a dedicated VPC for the containerized environment.

Correct Answer: A

CompTIA Security+ SY0-601 – Question529

Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?

A. Installing a new operating system thoroughly tests the equipment
B. Removing unneeded applications reduces the system's attack surface
C. Reimaging a system creates an updated baseline of the computer image
D. Wiping the device allows the company to evaluate its performance

Correct Answer: B

CompTIA Security+ SY0-601 – Question528

All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

A. A forward proxy server
B. A jump server
C. A reverse proxy server
D. A stateful firewall server

Correct Answer: B

CompTIA Security+ SY0-601 – Question527

Which of the following mitigation techniques places devices in physically or logically separated networks and leverages policies to limit the types of communications that are allowed?

A. Host-based firewalls
B. Access control list
C. Port security
D. Least privilege

Correct Answer: A

CompTIA Security+ SY0-601 – Question525

Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

Which of the following is most likely the result of the security analyst's review?

A. The ISP is dropping outbound connections.
B. The user of the Sales-PC fell for a phishing attack
C. Corporate PCs have been turned into a botnet.
D. An on-path attack is taking place between PCs and the router.

Correct Answer: C

CompTIA Security+ SY0-601 – Question524

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

A. Evil twin
B. Jamming
C. DNS poisoning
D. Bluesnarfing
E. DDoS

Correct Answer: A

CompTIA Security+ SY0-601 – Question523

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

A. Air gap the system.
B. Move the system to a different network segment.
C. Create a change control request.
D. Apply the patch to the system.

Correct Answer: C