CompTIA Security+ SY0-601 – Question460

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources.
The engineer enters the command show mac address-table and reviews the following output:

Which of the following best describes the attack that is currently in progress?

A. MAC flooding
B. Evil twin
C. ARP poisoning
D. DHCP spoofing

Correct Answer: A

CompTIA Security+ SY0-601 – Question458

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain
categories of websites whether the employee is in the office or away. Which of the following solutions should
the CISO implement?


A. WAF
B. SWG
C. VPN
D. HIDS

Correct Answer: B

CompTIA Security+ SY0-601 – Question457

Unauthorized devices have been detected on the internal network. The devices' locations were traced to
Ethernet ports located in conference rooms. Which of the following would be the best technical controls to
implement to prevent these devices from accessing the internal network?


A. NAC
B. DLP
C. IDS
D. MFA

Correct Answer: A

CompTIA Security+ SY0-601 – Question456

Which of the following security controls can be used to prevent multiple people from using a unique card swipe
and being admitted to a secure entrance?


A. Visitor logs
B. Faraday cages
C. Access control vestibules
D. Motion detection sensors

Correct Answer: C

CompTIA Security+ SY0-601 – Question455

An employee who is using a mobile device for work is required to use a fingerprint to unlock the device. Which
of the following is this an example of?


A. Something you know
B. Something you are
C. Something you have
D. Somewhere you are

Correct Answer: B

CompTIA Security+ SY0-601 – Question454

Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as
they occur. Which of the following plans would fulfill this requirement?


A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan

Correct Answer: A

CompTIA Security+ SY0-601 – Question452

A security investigation revealed that malicious software was installed on a server using a server administrator's
credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in.
Which of the following most likely occurred?


A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A dictionary attack was used to log in as the server administrator

Correct Answer: B

CompTIA Security+ SY0-601 – Question451

A small, local company experienced a ransomware attack. The company has one web-facing server and a few
workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward
all ports so that the server is viewable from the internet. The company uses an older version of third-party
software to manage the website. The assets were never patched. Which of the following should be done to
prevent an attack like this from happening again? (Choose three.)


A. Install DLP software to prevent data loss
B. Use the latest version of software
C. Install a SIEM device
D. Implement MDM
E. Implement a screened subnet for the web server
F. Install an endpoint security solution
G. Update the website certificate and revoke the existing ones
H. Deploy additional network sensors

Correct Answer: BEF