CompTIA Security+ SY0-601 – Question520

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote
work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and
internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote
employee internet traffic. Which of the following will help achieve these objectives?


A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

Correct Answer: A

CompTIA Security+ SY0-601 – Question519

Which of the following methods is the most effective for reducing vulnerabilities?


A. Joining an information-sharing organization
B. Using a scan-patch-scan process
C. Implementing a bug bounty program
D. Patching low-scoring vulnerabilities first

Correct Answer: B

CompTIA Security+ SY0-601 – Question517

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data
center that houses confidential information. There is a firewall at the internet border, followed by a DLP
appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?


A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance.
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
D. Adding two hops in the VPN tunnel may slow down remote connections.

Correct Answer: C

CompTIA Security+ SY0-601 – Question516

A company has installed badge readers for building access but is finding unauthorized individuals roaming the
hallways. Which of the following is the most likely cause?


A. Shoulder surfing
B. Phishing
C. Tailgating
D. Identity fraud

Correct Answer: C

CompTIA Security+ SY0-601 – Question515

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems.
Several users also reported that the new company flash drives they picked up in the break room only have
512KB of storage. Which of the following is most likely the cause?


A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the
drives to only 512KB of storage.

B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not
on the application's allow list, temporarily restricting the drives to 512KB of storage.

C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an
unapproved application to repartition the drives.

D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest
plaintext credentials from memory.

Correct Answer: D

CompTIA Security+ SY0-601 – Question514

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to
learn more about attackers. Which of the following best describes these systems?


A. DNS sinkholes
B. Honeypots
C. Virtual machines
D. Neural networks

Correct Answer: B

CompTIA Security+ SY0-601 – Question513

Law enforcement officials sent a company a notification that states electronically stored information and paper
documents cannot be destroyed. Which of the following explains this process?


A. Data breach notification
B. Accountability
C. Legal hold
D. Chain of custody

Correct Answer: C

CompTIA Security+ SY0-601 – Question512

A marketing coordinator is trying to access a social media application on a company laptop but is getting
blocked. The coordinator opens a help desk ticket to report the issue. Which of the following documents should
a security analyst review to determine whether accessing social media applications on a company device is
permitted?


A. Incident response policy
B. Business continuity policy
C. Change management policy
D. Acceptable use policy

Correct Answer: D