CompTIA Security+ SY0-601 – Question500

A large retail store's network was breached recently, and this news was made public. The store did not lose any
intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the
store lost revenue after the breach. Which of the following is the most likely reason for this issue?


A. Employee training
B. Leadership changes
C. Reputation damage
D. Identity theft

Correct Answer: C

CompTIA Security+ SY0-601 – Question499

Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to
safely share payroll data with each other to determine if the pay scales for different roles are similar at both
organizations. Which of the following techniques would be best to protect employee data while allowing the
companies to successfully share this information?


A. Pseudo-anonymization
B. Tokenization
C. Data masking
D. Encryption

Correct Answer: C

CompTIA Security+ SY0-601 – Question498

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of
the following technologies will accomplish this objective?


A. Security information and event management
B. A web application firewall
C. A vulnerability scanner
D. A next-generation firewall

Correct Answer: A

CompTIA Security+ SY0-601 – Question497

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the
logs, the analyst identifies a source IP address and blocks that address from communicating with the network.
Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of
different source IP addresses. Which of the following describes this type of attack?


A. DDoS
B. Privilege escalation
C. DNS poisoning
D. Buffer overflow

Correct Answer: A

CompTIA Security+ SY0-601 – Question494

An administrator is reviewing a single server's security logs and discovers the following:

Which of the following best describes the action captured in this log file?

A. Brute-force attack
B. Privilege escalation
C. Failed password audit
D. Forgotten password by the user

Correct Answer: A

CompTIA Security+ SY0-601 – Question492

During a security incident, the security operations team identified sustained network traffic from a malicious IP
address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing
the organization's network. Which of the following fulfills this request?


A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Correct Answer: B

CompTIA Security+ SY0-601 – Question491

A small business uses kiosks on the sales floor to display product information for customers. A security team
discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to
document as a security implication of the current architecture?


A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement

Correct Answer: A