CompTIA Security+ SY0-601 – Question450

A security team will be outsourcing several key functions to a third party and will require that:
Several of the functions will carry an audit burden
Attestations will be performed several times a year
Reports will be generated on a monthly basis
Which of the following best describes the document that is used to define these requirements and stipulate how
and when they are performed by the third party?


A. MOU
B. AUP
C. SLA
D. MSA

Correct Answer: C

CompTIA Security+ SY0-601 – Question447

A systems administrator is required to enforce MFA for corporate email account access, relying on the
possession factor. Which of the following authentication methods should the systems administrator choose?
(Choose two.)


A. Passphrase
B. Time-based one-time password
C. Facial recognition
D. Retina scan
E. Hardware token
F. Fingerprints

Correct Answer: BE

CompTIA Security+ SY0-601 – Question446

A user reset the password for a laptop but has been unable to log in to it since then. In addition, several
unauthorized emails were sent on the user's behalf recently. The security team investigates the issue and
identifies the following findings:
Firewall logs show excessive traffic from the laptop to an external site.
Unknown processes were running on the laptop.
RDP connections that appeared to be authorized were made to other network devices from the laptop.
High bandwidth utilization alerts from that user's username.
Which of the following is most likely installed on the laptop?


A. Worm
B. Keylogger
C. Trojan
D. Logic bomb

Correct Answer: C

CompTIA Security+ SY0-601 – Question445

A security architect is working on an email solution that will send sensitive data. However, funds are not
currently available in the budget for building additional infrastructure. Which of the following should the architect
choose?


A. POP
B. IPSec
C. IMAP
D. PGP

Correct Answer: D

CompTIA Security+ SY0-601 – Question444

A security analyst is reviewing computer logs because a host was compromised by malware. After the
computer was infected it displayed an error screen and shut down. Which of the following should the analyst
review first to determine more information?


A. Dump file
B. System log
C. Web application log
D. Security log

Correct Answer: A

CompTIA Security+ SY0-601 – Question443

A cybersecurity analyst at Company A is working to establish a secure communication channel with a
counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts
would help the analyst meet this goal in a secure manner?


A. Digital signatures
B. Key exchange
C. Salting
D. PPTP

Correct Answer: B

CompTIA Security+ SY0-601 – Question442

A user is trying to upload a tax document which the corporate finance department requested but a security
program is prohibiting the upload. A security analyst determines the file contains PII. Which of the following
steps can the analyst take to correct this issue?


A. Create a URL filter with an exception for the destination website
B. Add a firewall rule to the outbound proxy to allow file uploads
C. Issue a new device certificate to the user's workstation
D. Modify the exception list on the DLP to allow the upload

Correct Answer: D

CompTIA Security+ SY0-601 – Question441

An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the
following would be the best solution to perform this assessment?


A. Install a SIEM tool and properly configure it to read the OS configuration files
B. Load current baselines into the existing vulnerability scanner
C. Maintain a risk register with each security control marked as compliant or non-compliant
D. Manually review the secure configuration guide checklists

Correct Answer: B