CompTIA Security+ SY0-601 – Question510

Which of the following terms should be included in a contract to help a company monitor the ongoing security
maturity of a new vendor?


A. A right-to-audit clause allowing for annual security audits
B. Requirements for event logs to be kept for a minimum of 30 days
C. Integration of threat intelligence in the company's AV
D. A data-breach clause requiring disclosure of significant data loss

Correct Answer: A

CompTIA Security+ SY0-601 – Question509

A network manager wants to protect the company's VPN by multifactor authentication that uses:
Something you know
Something you have
Somewhere you are
Which of the following would accomplish the manager's goal?


A. Domain name, PKI, GeoIP lookup
B. VPN IP address, company ID, partner site
C. Password, authentication token, thumbprint
D. Company URL, TLS certificate, home address

Correct Answer: A

CompTIA Security+ SY0-601 – Question508

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst most likely participating in?


A. MITRE ATT&CK
B. Walk-through
C. Red team
D. Purple team
E. TAXII

Correct Answer: A

CompTIA Security+ SY0-601 – Question507

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following:

Which of the following occurred?


A. A buffer overflow was exploited to gain unauthorized access.
B. The user's account was compromised, and an attacker changed the login credentials.
C. An attacker used a pass-the-hash attack to gain access.
D. An insider threat with username smithJA logged in to the account.

Correct Answer: C

CompTIA Security+ SY0-601 – Question506

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting
up offices in a temporary work space. Which of the following will the organization most likely consult?


A. The business continuity plan
B. The risk management plan
C. The communication plan
D. The incident response plan

Correct Answer: A

CompTIA Security+ SY0-601 – Question505

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:
The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.
One of the websites the manager used recently experienced a data breach.
The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.
Which of the following attacks has most likely been used to compromise the manager's corporate account?


A. Remote access Trojan
B. Brute-force
C. Dictionary
D. Credential stuffing
E. Password spraying

Correct Answer: D

CompTIA Security+ SY0-601 – Question504

An information security officer at a credit card transaction company is conducting a framework-mapping
exercise with the internal controls. The company recently established a new office in Europe. To which of the
following frameworks should the security officer map the existing controls? (Choose two.)


A. ISO
B. PCI DSS
C. SOC
D. GDPR
E. CSA
F. NIST

Correct Answer: BD

CompTIA Security+ SY0-601 – Question502

A company's help desk has received calls about the wireless network being down and users being unable to
connect to it. The network administrator says all access points are up and running. One of the help desk
technicians notices the affected users are working in a building near the parking lot. Which of the following is
the most likely reason for the outage?


A. Someone near the building is jamming the signal.
B. A user has set up a rogue access point near the building.
C. Someone set up an evil twin access point in the affected area.
D. The APs in the affected area have been unplugged from the network.

Correct Answer: A

CompTIA Security+ SY0-601 – Question501

A government organization is developing an advanced AI defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected progress of the AI learning and attribute the outcome to a recent attack on one of the suppliers. Which of the following is the most likely reason for the inaccuracy of the system?


A. Improper algorithms security
B. Tainted training data
C. Fileless virus
D. Cryptomalware

Correct Answer: B