A systems administrator works for a local hospital and needs to ensure patient data is protected and secure.
Which of the following data classifications should be used to secure patient data?


A. Private
B. Critical
C. Sensitive
D. Public

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while
hardening the network. After the firewall is configured, users receive errors stating the website could not be
located. Which of the following would best correct the issue?


A. Setting an explicit deny to all traffic using port 80 instead of 443
B. Moving the implicit deny from the bottom of the rule set to the top
C. Configuring the first line in the rule set to allow all traffic
D. Ensuring that port 53 has been explicitly allowed in the rule set

A website visitor is required to provide properly formatted information in a specific field on a website form.
Which of the following security measures is most likely used for this mandate?


A. Input validation
B. Code signing
C. SQL injection
D. Form submission

A digital forensics team at a large company is investigating a case in which malicious code was downloaded
over an HTTPS connection and was running in memory, but was never committed to disk. Which of the
following techniques should the team use to obtain a sample of the malware binary?


A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums

An attacker is targeting a company. The attacker notices that the company's employees frequently access a
particular website. The attacker decides to infect the website with malware and hopes the employees' devices
will also become infected. Which of the follow ng techniques is the attacker using?


A. Watering-hole attack
B. Pretexting
C. Typosquatting
D. Impersonation

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report.
Which of the following describes the administrator's activities?


A. Continuous deployment
B. Continuous integration
C. Data owners
D. Data processor

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the
day. Which of the following should the analysts use to investigate this issue?


A. Web metadata
B. Bandwidth monitors
C. System files
D. Correlation dashboards

A security administrator installed a new web server. The administrator did this to increase the capacity for an
application due to resource exhaustion on another server. Which of the following algorithms should the
administrator use to split the number of the connections on each server in half?


A. Weighted response
B. Round-robin
C. Least connection
D. Weighted least connection

An employee received multiple messages on a mobile device. The messages were instructing the employee to
pair the device to an unknown device. Which of the follow ng best describes what a malicious person might be
doing to cause this issue to occur?


A. Jamming
B. Bluesnarfing
C. Evil twin attack
D. Rogue access point

A network architect wants a server to have the ability to retain network availability even if one of the network
switches it is connected to goes down. Which of the following should the architect implement on the server to
achieve this goal?


A. RAID
B. UPS
C. NIC teaming
D. Load balancing